Mailing List Archive

macOS pinentry remove saved password
Hi,

The default behaviour of the pinentry app (on macOS at least) is to have
the option "save password in Keychain" automatically selected.

I have to deselect this every time I use a specific GPG key where I don't
want the password saved in the macOS Keychain. Unfortunately it seems I
neglected to do this one time and so now it has been stored in the Keychain.

I would like to remove it from the Keychain but it seems I can't find the
gpg key listed in the macOS Keychain application and so I'm not sure how to
remove it so that pinentry will again start asking me for the password for
that particular gpg key.

Any help would be appreciated.

Thanks.
Re: macOS pinentry remove saved password
Hi,

The key is listed in the login keychain. It uses the name and one of the associated numbers - It is the fifth element in --with-key-data but I don’t recognize it.

This default for pin entry is … frustrating.

Regards,

bex
On Mar 16, 2021, 12:05 PM +0100, Mark McDonnell via Gnupg-users <gnupg-users@gnupg.org>, wrote:
> Hi,
>
> The default behaviour of the pinentry app (on macOS at least) is to have the option "save password in Keychain" automatically selected.
>
> I have to deselect this every time I use a specific GPG key where I don't want the password saved in the macOS Keychain. Unfortunately it seems I neglected to do this one time and so now it has been stored in the Keychain.
>
> I would like to remove it from the Keychain but it seems I can't find the gpg key listed in the macOS Keychain application and so I'm not sure how to remove it so that pinentry will again start asking me for the password for that particular gpg key.
>
> Any help would be appreciated.
>
> Thanks.
Re: macOS pinentry remove saved password
Ah, ok cool think I found it.

Thanks bex.

It would be great if users could configure the default as it feels
dangerous to default to saving the passphrase.

On Tue, Mar 16, 2021 at 11:41 AM <bex@pobox.com> wrote:

> Hi,
>
> The key is listed in the login keychain. It uses the name and one of the
> associated numbers - It is the fifth element in --with-key-data but I don’t
> recognize it.
>
> This default for pin entry is … frustrating.
>
> Regards,
>
> bex
> On Mar 16, 2021, 12:05 PM +0100, Mark McDonnell via Gnupg-users <
> gnupg-users@gnupg.org>, wrote:
>
> Hi,
>
> The default behaviour of the pinentry app (on macOS at least) is to have
> the option "save password in Keychain" automatically selected.
>
> I have to deselect this every time I use a specific GPG key where I don't
> want the password saved in the macOS Keychain. Unfortunately it seems I
> neglected to do this one time and so now it has been stored in the Keychain.
>
> I would like to remove it from the Keychain but it seems I can't find the
> gpg key listed in the macOS Keychain application and so I'm not sure how to
> remove it so that pinentry will again start asking me for the password for
> that particular gpg key.
>
> Any help would be appreciated.
>
> Thanks.
Re: macOS pinentry remove saved password
Hi,

On Tue, 16 Mar 2021 at 17:19, Mark McDonnell via Gnupg-users wrote:
> It would be great if users could configure the default as it feels
> dangerous to default to saving the passphrase.

I believe it is the "no-allow-external-cache" option.

I had the same on Linux with the shitty GNOME PW manager. It might be the
same option on Mac.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Re: macOS pinentry remove saved password
On Tue, 16 Mar 2021 20:34, Klaus Ethgen said:

> I believe, it is the "no-allow-external-cache" option.

Right, but I am not sure about the macOS pinentry; in particular if it
is closely based on the standard pinentry code base or does its own
thing. Any pointer to that pinentry?


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: macOS pinentry remove saved password
On 16.03.2021 at 17:19, Mark McDonnell via Gnupg-users <gnupg-users@gnupg.org> wrote:

> It would be great if users could configure the default as it feels dangerous to default to saving the passphrase.

That is possible by running the following command:

defaults write org.gpgtools.common UseKeychain -bool NO

To remove any saved passwords from macOS Keychain, search
for GnuPG to find them.

The folks of homebrew are using our version of pinentry which is
based off the standard pinentry, but adds the possibility to store passphrases
for GnuPG keys in macOS Keychain. For our version of GnuPG it should default
to on, but we also provide a macOS preference pane to change the default.
As such a preference pane is not available for homebrew users, we have
brought this issue up with them but they have not reacted.

Best,

Lukas
GPGTools
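
The two settings named in this thread, combined into one idempotent script. This is an added example, not part of any post above and not GPGTools or GnuPG project code. The function names and the default path ~/.gnupg/gpg-agent.conf are assumptions; the thread leaves open whether the macOS pinentry honours no-allow-external-cache, so the script applies both that option and the defaults key.

```shell
#!/bin/sh
# Added example: keep GnuPG passphrases out of external password stores.
# Assumption: the agent configuration is ~/.gnupg/gpg-agent.conf unless a
# different path is passed to harden() as its first argument.

# Succeeds only if an active (uncommented) option line is present.
has_no_external_cache() {
    grep -Eq '^[[:space:]]*no-allow-external-cache[[:space:]]*$' "$1" 2>/dev/null
}

# Append the option once; safe to run repeatedly.
ensure_no_external_cache() {
    conf=$1
    if has_no_external_cache "$conf"; then
        return 0
    fi
    dir=$(dirname "$conf")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"
    # If the file does not end in a newline, add one before appending.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf 'no-allow-external-cache\n' >> "$conf"
    chmod 600 "$conf"
}

harden() {
    conf=${1:-"$HOME/.gnupg/gpg-agent.conf"}
    ensure_no_external_cache "$conf" || return 1
    # macOS only: the GPGTools pinentry default quoted in the thread.
    if command -v defaults >/dev/null 2>&1; then
        defaults write org.gpgtools.common UseKeychain -bool NO
    fi
    # Stop the running agent; it restarts on demand with the new setting.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --kill gpg-agent
    fi
}
```

Source the file and run harden. Passphrases already saved in the Keychain are not touched by it and still have to be removed as described above.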