tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/50605-storing-keys-in-mac-keychain-access
GPGTools: Discussion
2018-03-26T18:50:47Z
tag:gpgtools.tenderapp.com,2011-11-04:Comment/41317865
2016-12-01T18:18:24Z
2018-03-26T18:50:21Z
Storing keys in Mac Keychain Access
<div><p>Hey optiondog,</p>
<p>did you type '86,400' for the amount of seconds your password should be cached? If so, could you retry your experiment with '86400' instead. I fear you may have set the caching time to 86 seconds.</p>
<p>Please see this <a href="https://gpgtools.tenderapp.com/kb/faq/passphrase-management">KB-article</a> on how to manage passwords for your keys.</p>
<p>You now used another method and stored your password in the macOS keychain. The above KB article has the details.</p>
<p>All the best,<br>
steve</p></div>
Steve
2016-12-01T23:16:40Z
<div><p>Thank you for all your help. <br>
I'm pretty sure I didn't enter a comma. I initially tried
172,800 and it told me that I can't set it for that long so that
means I didn't use a comma on that attempt. Otherwise it
would have allowed it. And when I changed it to 86,400 I
don't think I suddenly decided to add a comma. I just opened
the prefs and there's no comma so even if I had typed a comma it
apparently deleted it on its own. It's stored now because I
checked it in the dialog box when the pin entry message came up
again. <br>
BTW, I opened my Mac Keychain Access and it only shows one of my
public keys stored. I have created several keys and the one
that shows as being stored is one that I don't even use. I'm
still not getting any more pin entry messages (which is fine) but it
seems like I should be getting messages wanting me to store my other
keys too. Any idea why I'm not getting any?<br>
Still wondering how to locate my secret key too. Are they
supposed to be in the private-keys-v1.d folder? That folder
is empty. There is a document called securing.gpg. Is
that it? Maybe you answered this in another recent message.
I'll check to see.<br>
Thanks</p></div>
optiondog
2016-12-03T20:09:23Z
<div><p>The current max. is 86999 seconds. We probably should limit the
field to 5 digits and then allow 99999 as maximum.</p>
<p>We have a ticket for this problem. I connected this discussion
with the existing ticket. That means, should this discussion get
closed, it will be re-opened as soon as the ticket is closed. That
way you'll stay in the loop and get notified as soon as we have
news. Feel free to open a new discussion should you run into
further problems or need assistance.</p>
<p>Regarding macOS keychain storage: while you may have created
more than one key, that doesn't necessarily mean those already
have their passwords stored in macOS keychain.</p>
<p>Whenever the key is required to sign or decrypt you will be
asked for your password (in case it is not stored in macOS
keychain). So to trigger the dialog just sign some sample text in
TextEdit with the respective key and pinentry should show.</p>
<p>Secret keys are indeed stored in the securing.gpg file.</p></div>
Steve
2016-12-04T20:45:21Z
<div><p>I have several public keys but I only have one passphrase. So
now that I have stored that passphrase by checking that box in that
last pin entry message dialog box I got, shouldn't Mac Keychain
Access show my other keys too since they're all associated with the
same passphrase?<br>
After I checked the box to store my passphrase, I stopped receiving
the messages so that would imply that by storing it this way I can
store it for more than 86999 seconds. <br>
It also implies that all my public keys are being stored, otherwise
I would still be getting pin entry messages. Those messages
kept appearing without me having to sign any text with my key.<br>
Many thanks</p></div>
optiondog
2016-12-12T10:41:24Z
<div><p>No, that's not how things work. Passwords are not associated
with all keys if they are the same. Thoughts about that:</p>
<ul>
<li>you should never reuse passwords in more than one occasion
(unless you have really good reason to do so) since it lowers
security a lot and if you get compromised the entire security
process collapses</li>
</ul>
<p>macOS keychain access can store your password but does so only
in regards to a specific key. So to answer your question: you will
have to store any password you want stored separately, even if it
is an identical password (which again, is a policy, we would not
recommend).</p>
<p>The pinentry dialog is not related to usage of your public key.
Those dialogs were probably triggered by either sending a signed
mail or looking at encrypted mails for which in order to decrypt
them access to your secret key was requested.</p>
<p>All the best,<br>
steve</p></div>
Steve
2016-12-12T19:37:42Z
<div><p>The pin entry dialogs were appearing without me doing any
of that. In fact, on many occasions I would simply wake up my
computer from sleep mode and the dialog would be there on my
screen. <br>
I never realized I was supposed to use different passwords.
When you say I should never reuse the password in more than
one occasion, do you actually mean I should use a different
password every time I encrypt or decrypt a message even if I'm
using the same public key? Or just use a different password
for each different public key I use? Either way I suppose
I'll have to learn how to create different passwords. Perhaps
you have a link to some instructions on that?<br>
Thanks</p></div>
optiondog
2016-12-15T11:52:38Z
<div><p>Was Mail.app open when you put your machine to sleep? Try the
same but make sure you select an empty folder or inbox before
putting your computer to sleep. Then pinentry should not show
up.</p>
<p>What I meant by not using the same password was the (sadly)
common practice to use one password for all your logins (and keys).
That's not a good idea. If you get compromised due to whatever
reasons, you got a real problem. So it is recommended to not re-use
the same password. If you set a password for a certain OpenPGP key,
that password remains the same of course. Unless you decide to
change it every 6 months. Which again isn't such a bad idea, as
long as you have a good way to keep track of your passwords.</p>
<p>Password managers are one solution to the problem. They generate
strong passwords. But again, it should be a software which you can
trust. I would not use a web based password manager.</p>
<p>If you prefer paper, you may want to look into creating
diceware passwords <a href="https://en.wikipedia.org/wiki/Diceware">https://en.wikipedia.org/wiki/Diceware</a>.</p></div>
Steve
2017-05-24T15:45:04Z
<div><p>Hi optiondog,</p>
<p>the issue with the caching time field has been fixed. If you want to test the fix, please download our <a href="https://releases.gpgtools.org/nightlies/">latest nightly GPG Suite</a>. That page also has sig and SHA1 to verify the download.</p>
<p>Should the problem persist, please re-open this discussion and let us know. For more questions that are not related to this specific problem, you are welcome to create a new discussion any time.</p>
<p>Best, steve</p>
<p>Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.</p></div>
Steve
2018-01-11T23:20:12Z
<div><p>I currently have OS X 10.11.6 on my iMac. I have GPG Keychain 1.2.1 (1147). Will your current version work with my operating system?<br>
I believe your current version is GPG Suite 2017.2 with Keychain 1.4.1. Your update information says GPG Mail 3.ob2 (10.13 only). Does that mean it only works with OS X 10.13? <br>
But I read somewhere that when I install GPG Suite I can do a custom install and select which tools I want. For example I can choose to only install GPG Keychain. Is this true? I think I might have done that when I originally installed it because currently all I have is GPG Keychain. I don’t have GPG Mail and I have never needed it. Another article online said that on a Mac it only installs GPG Keychain anyway. So is this true or can I custom install and just get GPG Keychain?<br>
If your current version of GPG Keychain doesn’t work with Mac OS X 10.11.6, do you still have an earlier version that will work with it?<br>
When your update messages appear on my screen asking me if I want to update now, if I click it will it actually install it or will it just upload it to my Download folder? I started to do it one day in the hopes that it would just download it but a progress bar appeared which made me think it might be installing it so I cancelled it. Does it work the same way if I download it from your website?<br>
I tried to make a donation once using PayPal but either something went wrong or maybe something happened that confused me. I can’t even remember exactly what happened as it was some time ago. Anyway, if your current updates aren’t charging yet, then how can I make a donation using PayPal? <br>
Thank you so much,<br>
Howard</p></div>
optiondog
2018-01-13T14:33:22Z
<div><p>Hi Howard,</p>
<p>the current release is GPG Suite 2017.3 and it supports macOS 10.9 and newer. Everything works fine on macOS 10.11.</p>
<p>You can indeed customize the installation and deselect components if you want during install. To do that, download GPG Suite, mount the installer and keep looking for the "Customize" button.</p>
<p>When you see an update message, that will download the new software and install it without you having to mount anything. So if you just want to download the new version and install it at a later point in time, I'd suggest to download GPG Suite from the homepage.</p>
<p>GPG Suite is currently still free. Donations can be made here: <a href="https://gpgtools.org/donate.html">https://gpgtools.org/donate.html</a></p>
<p>Have a great weekend and let me know if you have further questions.</p>
<p>Best,<br>
steve</p></div>
Steve