Konubinix' opinionated web of thoughts

Why Do I Type My Gpg Passphrase 3 Times at Boot?

Fleeting

My gnupg private key is not stored on the hard drive. I need to load it into memory at boot time, and that means typing the passphrase three times:

  1. when I first import my key
  2. when I decrypt my gpg-agent.conf
  3. when I reload gpg-agent

Why do I encrypt my gpg-agent.conf?

This file contains the logic to get access to my key. Among other things, it says which pinentry program is used.

I don’t feel confident leaving it unencrypted like this.

Why don’t I restore my gpg-agent.conf along with the private key?

My private key is restored using Shamir’s secret sharing. That means that I took the time to generate the shares and distribute them.

This is not a big deal for a barely changing file, like my private key.

But I change my gpg-agent configuration from time to time and don’t want to have to redistribute it to all the peers each time.

Now, would this burden be worse than having to type the passphrase thrice every morning?

Why does encrypting gpg-agent.conf help?

After all, anybody could substitute gpg-agent.conf.gpg with a forged one. Actually I sign-and-encrypt those files, so that when decrypting, I know it was first encrypted with my key.
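The check that makes the sign-and-encrypt step worth something, as an added example that is not the author's own script: `gpg --decrypt` still writes the plaintext when the signature comes from a different key (or cannot be checked), so the restore step must read the `--status-fd` lines and install the file only on `DECRYPTION_OKAY` plus a `VALIDSIG` naming the expected fingerprint. It assumes `gpg` and `gpgconf` in `PATH`, the key already imported, and a fingerprint passed by the caller; the status samples at the bottom are constructed for the self-check, not real gpg output.

```shell
#!/bin/sh
# Restore gpg-agent.conf from a sign+encrypted copy, but only when gpg reports
# both a successful decryption and a valid signature from the expected key.
# Usage: restore_agent_conf ~/.gnupg/gpg-agent.conf.gpg ~/.gnupg/gpg-agent.conf <fingerprint>

# status_ok STATUS_TEXT FINGERPRINT
# STATUS_TEXT is the "[GNUPG:] ..." output of gpg --status-fd. Succeeds only if
# decryption succeeded and a VALIDSIG line names FINGERPRINT either as the
# signing (sub)key (field 3) or as the primary key (last field).
status_ok() {
    status="$1"; want="$2"
    printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|DECRYPTION_FAILED|NODATA)' && return 1
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] DECRYPTION_OKAY' || return 1
    printf '%s\n' "$status" | awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# restore_agent_conf SRC.gpg DST FINGERPRINT
# Decrypts SRC into a temp file; status lines go to fd 3, which is what $status
# captures. Only a verified config reaches DST and triggers the agent reload
# (the reload is the third passphrase prompt mentioned above).
restore_agent_conf() {
    src="$1"; dst="$2"; fpr="$3"
    tmp=$(mktemp) || return 1
    status=$(gpg --batch --yes --status-fd 3 --output "$tmp" --decrypt "$src" 3>&1 1>/dev/null 2>&1)
    if status_ok "$status" "$fpr"; then
        install -m 600 "$tmp" "$dst" && rm -f "$tmp" && gpgconf --reload gpg-agent
    else
        rm -f "$tmp"
        echo "refusing to install $dst: decryption failed or signature not from $fpr" >&2
        return 1
    fi
}

# Constructed status output for a self-check (not real gpg output): one file
# signed by the expected key, one decryptable but signed by a foreign key, one
# with a bad signature. Fingerprints are placeholders.
SAMPLE_FPR='0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_GOOD='[GNUPG:] DECRYPTION_OKAY
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 1 10 01 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_FOREIGN='[GNUPG:] DECRYPTION_OKAY
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 1 10 01 FEDCBA9876543210FEDCBA9876543210FEDCBA98'
SAMPLE_BAD='[GNUPG:] DECRYPTION_OKAY
[GNUPG:] BADSIG 0123456789ABCDEF01234567 Someone <someone@example.org>'
```

A forged gpg-agent.conf.gpg encrypted to the public key but signed by another key decrypts cleanly; it is the fingerprint comparison in `status_ok` that rejects it.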