Thank you for all your help.
I'm pretty sure I didn't enter a comma. I initially tried 172,800 and it told me that I can't set it for that long so that means I didn't use a comma on that attempt. Otherwise it would have allowed it. And when I changed it to 86,400 I don't think I suddenly decided to add a comma. I just opened the prefs and there's no comma so even if I had typed a comma it apparently deleted it on its own. It's stored now because I checked it in the dialog box when the pin entry message came up again.
BTW, I opened my Mac Keychain Access and it only shows one of my public keys stored. I have created several keys and the one that shows as being stored is one that I don't even use. I'm still not getting any more pin entry messages (which is fine) but it seems like I should be getting messages wanting me to store my other keys too. Any idea why I'm not getting any?
Still wondering how to locate my secret key too. Are they supposed to be in the private-keys-v1.d folder? That folder is empty. There is a document called securing.gpg. Is that it? Maybe you answered this in another recent message. I'll check to see.
Steve on 03 Dec, 2016 08:09 PM
The current max. is 86999 seconds. We probably should limit the
field to 5 digits and then allow 99999 as maximum.
We have a ticket for this problem. I connected this discussion
with the existing ticket. That means, should this discussion get
closed, it will be re-opened as soon as the ticket is closed. That
way you'll stay in the loop and get notified as soon as we have
news. Feel free to open a new discussion should you run into
further problems or need assistance.
Regarding macOS keychain storage: while you may have created
more than one key, that doesn't necessarily mean those already
have their passwords stored in macOS keychain.
Whenever the key is required to sign or decrypt you will be
asked for your password (in case it is not stored in macOS
keychain). So to trigger the dialog just sign some sample text in
TextEdit with the respective key and pinentry should show.
Secret keys are indeed stored in the securing.gpg file.
I have several public keys but I only have one passphrase. So now that I have stored that passphrase by checking that box in that last pin entry message dialog box I got, shouldn't Mac Keychain Access show my other keys too since they're all associated with the same passphrase?
After I checked the box to store my passphrase, I stopped receiving the messages so that would imply that by storing it this way I can store it for more than 86999 seconds.
It also implies that all my public keys are being stored, otherwise I would still be getting pin entry messages. Those messages kept appearing without me having to sign any text with my key.
Steve on 12 Dec, 2016 10:41 AM
No, that's not how things work. Passwords are not associated
with all keys if they are the same. Thoughts about that:
you should never reuse passwords in more than one occasion
(unless you have really good reason to do so) since it lowers
security a lot and if you get compromised the entire security
macOS keychain access can store your password but does so only
in regards to a specific key. So to answer your question: you will
have to store any password you want stored separately, even if it
is an identical password (which again, is a policy, we would not
The pinentry dialog is not related to usage of your public key.
Those dialogs were probably triggered by either sending a signed
mail or looking at encrypted mails for which in order to decrypt
them access to your secret key was requested.
The pin entry dialogs were appearing without me doing any of that. In fact, on many occasions I would simply wake up my computer from sleep mode and the dialog would be there on my screen.
I never realized I was supposed to use different passwords. When you say I should never reuse the password in more than one occasion, do you actually mean I should use a different password every time I encrypt or decrypt a message even if I'm using the same public key? Or just use a different password for each different public key I use? Either way I suppose I'll have to learn how to create different passwords. Perhaps you have a link to some instructions on that?
Steve on 15 Dec, 2016 11:52 AM
Was Mail.app open when you put your machine to sleep? Try the
same but make sure you select an empty folder or inbox before
putting your computer to sleep. Then pinentry should not show
What I meant by not using the same password was the (sadly)
common practice to use one password for all your logins (and keys).
That's not a good idea. If you get compromised due to whatever
reasons, you got a real problem. So it is recommended to not re-use
the same password. If you set a password for a certain OpenPGP key,
that password remains the same of course. Unless you decide to
change it every 6 months. Which again isn't such a bad idea, as
long as you have a good way to keep track of your passwords.
Password managers are one solution to the problem. They generate
strong passwords. But again, it should be a software which you can
trust. I would not use a web based password manager.
I currently have OS X 10.11.6 on my iMac. I have GPG Keychain 1.2.1 (1147). Will your current version work with my operating system?
I believe your current version is GPG Suite 2017.2 with Keychain 1.4.1. Your update information says GPG Mail 3.ob2 (10.13 only). Does that mean it only works with OS X 10.13?
But I read somewhere that when I install GPG Suite I can do a custom install and select which tools I want. For example I can choose to only install GPG Keychain. Is this true? I think I might have done that when I originally installed it because currently all I have is GPG Keychain. I don’t have GPG Mail and I have never needed it. Another article online said that on a Mac it only installs GPG Keychain anyway. So is this true or can I custom install and just get GPG Keychain?
If your current version of GPG Keychain doesn’t work with Mac OS X 10.11.6, do you still have an earlier version that will work with it?
When your update messages appear on my screen asking me if I want to update now, if I click it will it actually install it or will it just upload it to my Download folder? I started to do it one day in the hopes that it would just download it but a progress bar appeared which made me think it might be installing it so I cancelled it. Does it work the same way if I download it from your website?
I tried to make a donation once using PayPal but either something went wrong or maybe something happened that confused me. I can’t even remember exactly what happened as it was some time ago. Anyway, if your current updates aren’t charging yet, then how can I make a donation using PayPal?
Thank you so much,
Steve on 13 Jan, 2018 02:33 PM
The current release is GPG Suite 2017.3 and it supports macOS 10.9 and newer. Everything works fine on macOS 10.11.
You can indeed customize the installation and deselect components if you want during install. To do that, download GPG Suite, mount the installer and keep looking for the "Customize" button.
When you see an update message, that will download the new software and install it without you having to mount anything. So if you just want to download the new version and install it at a later point in time, I'd suggest downloading GPG Suite from the homepage.