or Create a profile

Home Stable

File decrypt without ask for passphrase

Fernando Paludo's Avatar

Fernando Paludo

15 Aug, 2015 02:26 PM

GPGServices

Mac OS X 10.10.5 (14F27)
Libmacgpg 0.5 717
GPGMail 2.5 1009
GPG Keychain 1.2 1103
GPGServices 1.10 830
MacGPG2 2.0.27 838
GPGPreferences 1.5 818

Earlier, I have started use GPG tools when its beta yet (about 2014.11). So then, when i encrypt a file, i mark "Encrypt with password"it generates a ".gpg" file and, when i have to extract/decrypt, it asks me for my passphrase to unlock/decrypt.

I did a full reinstall of my yosemite, to solve some questions, not gpg-related. Then i installed the actual version of gpg tools.

But now, when i encrypt a file/group of files no matter if i sign, or mark to encrypt with password, when i double-click the file, it decrypt without any security, exposing encrypted content.

Do i am doing anything wrong? whats going on that GPG is not protecting the encrypted-passworded file? How to solve it?

What did you expect instead

After generate a encrypted with passphrase file, when i go to decrypt, it asks for the passphrase to unlock file access

Describe steps leading to the problem.

  1. Select file in finder clicking in Mac drop-down file menu> Services > OpenPGP: Encrypt File
  2. In Choose Recipients - GPGServices dialog box i choose My personal key, mark "Encrypt with password" and click "OK" (the .gpg file is then, generated)
  3. I decrypt fies with two-clicks over the file. Then an "Archive.zip" appears near to original-encrypted file.

No other plug-ins, and problem is not Mail-relative

  1. Support Staff 1 Posted by Steve on 17 Aug, 2015 06:22 PM

    Steve's Avatar

    Hi Fernando,

    first, it is important to understand that encrypt with password is symmetric encryption. From what you write, there's no real reason to actually use that option, since you could as well be using asymmetric encryption. You do that by selecting your own key (it is likely pre-selected already if you have defined a default key in GPGPreferences). Then check the box "Add to recipients". If you then hit "ok" the file or folder in question will be encrypted using your public key. By doing that, there's no reason for the "Encrypt with password" option at all.

    Next, why are your files decrypted without you being asked for your passphrase?

    This is related to passphrase management. Please see this KB-article on how to manage passphrases. Either your passphrase was stored in the OS X keychain or it was still in the cache when you tried to decrypt the file in question.

    Let me know if this answers your question.

    All the best,
    steve

  2. 2 Posted by Fernando Paludo on 17 Aug, 2015 09:10 PM

    Fernando Paludo's Avatar

    Hi Steve,

    Yes, You really help me understading what’s going on. Really thank you. But, i want to ask you one more thing, that is subordinate from main doubt:

    Once my mac is storing passphrases on OSX keychain, my encrypted files aren`t protected when a possible intruder have phisical access to mac. And more, if my mac account login password is not strong as my key password, when i allow to OSX Keychain store and manage it, i am still weakning my encryption. Both this are correct?

    Thanks for your help. Really helped me on that.

    Cordially

    Fernando Paludo
    Brasil

  3. Support Staff 3 Posted by Steve on 18 Aug, 2015 12:42 PM

    Steve's Avatar

    Hey Fernando,

    that is correct. If an attacker gains physical access to your machine by either stealing your computer or intruding your private space, there is no protection. You could put your secret keys on a USB drive as an additional protective measure or setup a screensaver with password if you live in a multi-user work environment for example. That way, when you leave your machine, the screensaver activates and your machine is still protected with a password.

    Since most mac users run as admin, a strong admin password is always highly recommended. I suggest updating yours, if it is very weak. Friends of mine used to have "x" as a password for their admin user. I couldn't believe it and we updated the password. But yes, if you want to be secure, encrypt your mails and then have a weak admin password this is somewhat contradictory behavior.

    Kindly,
    steve

  4. Steve closed this discussion on 07 Jan, 2016 07:49 PM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from GPGTools or the discussion starter are required.

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and GPGTools support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

04 Mar, 2026 04:10 PM googleaccount
27 Feb, 2026 03:32 PM gnupg/dirmngr does not surface 429 and other unexpected error code responses from keyserver
24 Feb, 2026 07:57 PM gpg/dirmngr issues with keyserver.ubuntu.com
11 Feb, 2026 03:35 PM Cannot decrypt messages if signature cannot be verified due to missing public key
06 Feb, 2026 12:42 AM GPG Keychain: GPG Key Chian Selection issue

Recent Articles

Keyboard Shortcuts
How to verify the downloaded GPG Suite?
How to decrypt an email when no internet connectivity is available
What does the status bubble in GPGMail indicate?
Modification Detection Code (MDC) Errors