GPGTools 2017.1 re-checks "Store in macOS Keychain"

gpg_dude

02 Oct, 2017 07:14 PM

I was wondering why one of my machines was no longer prompting me for my GPG passphrase. I went into System Preferences -> GPG Suite and found the "Store in macOS Keychain" option, which I never use, was now checked. I confirmed this on another system as well. IMO an update like this should not change this setting.

  1. Support Staff 1 Posted by Steve on 10 Oct, 2017 02:38 PM

    Hi there,

    In the latest release we have enabled "Store in Keychain" by default, since we found that it made it a lot easier for many of our users.
    This also means, however, that if you have never manually changed this setting before yourself, "Store in Keychain" is now enabled by default on your computer as well.
    In order to revert back, you can change this setting in GPG Suite Preferences.

    Best,
    steve

  2. 2 Posted by gpg_dude on 21 Oct, 2017 10:55 PM

    @steve I forgot I had this issue open (I didn't get an email notice about your update), so I'll x-post this reply I made to Luke in another thread where someone reports this issue: https://gpgtools.tenderapp.com/discussions/problems/60232-save-to-k...

    @luke le: we've noticed this too and unfortunately while it may make things easier in the short run - it can seriously compromise the security of the GPG passphrase as many users sync their keychains to iCloud (often without realizing it since Apple likes to make this the default during setup). Would it be possible to persuade you to change the default back to having it unchecked - or perhaps adding a step during installation/upgrade that at least prompts & asks the user whether or not they'd like it enabled - perhaps with a brief explanation of the risks of doing so?

  3. Support Staff 3 Posted by Luke Le on 10 Dec, 2017 01:00 PM

    Hi gpg_dude,

    We absolutely understand your concern and do in fact plan to introduce a dialog which will ask the user what they prefer on first pinentry use (or after the installation of the release that adds this feature) and explain what the advantages and disadvantages are.

    What would reduce the iCloud syncing problem is having a separate keychain for our stored passphrases. We will think about that too.

    Thanks for your suggestion.

  4. Steve closed this discussion on 26 Mar, 2018 02:45 PM.
