tag:gpgtools.tenderapp.com,2011-11-04:/discussions/feedback/13021-encryption-persistenceGPGTools: Discussion 2018-12-04T17:35:53Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/465664512018-12-03T22:23:18Z2018-12-03T22:23:18ZEncryption "Persistence".<div><p>Hi Quentin,</p>
<p>any data related to your keys or GnuPG configuration is stored in <code>~/.gnupg</code>. GPG Keychain is only a graphical user interface to administrate your keys, but doesn't control access to your keys. So whether GPG Keychain is running or not does not influence any encryption or decryption processes.<br>
in order to decrypt a message, access to the secret key is necessary. If the secret key is protected with a passphrase, which it is in most cases, in two scenarios the message can be automatically decrypted without asking the user for their password/passphrase:</p>
<ol>
<li>The passphrase is stored in macOS Keychain. This is the default setting.<br></li>
<li>The passphrase is stored in the local cache of GnuPG (more precisely gpg-agent)</li>
</ol>
<p>If 1 is configured, you will never be asked for your passphrase in order to decrypt messages (except the first time, so the passphrase can be stored in macOS Keychain)</p>
<p>If you want to be asked for your passphrase periodically disable the keychain option in <code>System Preferences › GPG Suite › General</code>. If you <em>always</em> want to be asked for your passphrase, make sure to also set the cache time to 0.</p>
<p>Hope that helps.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/465664512018-12-04T17:14:13Z2018-12-04T17:14:14ZEncryption "Persistence".<div><p>Luke Le</p>
<p>Thank you for your reply which has indeed been very helpful, I'm much clearer now.</p>
<p>Quentin.</p></div>Quentin