Bug 329587

Summary: if decrypting a file the 2nd time in a session, Kleopatra does not ask for password and just decrypts file
Product: [Applications] kleopatra Reporter: jr <cartman743>
Component: generalAssignee: kdepim bugs <pim-bugs-null>
Status: RESOLVED NOT A BUG    
Severity: grave CC: aheinecke, mutz
Priority: NOR    
Version First Reported In: 2.2.0   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Microsoft Windows   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description jr 2014-01-04 05:21:10 UTC 
If i decrypt a file with my certificate, the 1st time in a session (since windows was started), the decryption routine asks for my password. This is what I want. If I encrypt and decrypt the same file in the same session, it just decrypts the file without me being asked for my password. This is what I DO NOT want. If I restart the program, this behavior is reproducible. That means anyone can decrypt a file without my password, if the pc has not been shut down.

Reproducible: Always

Steps to Reproduce:
1.Encrypt a file using my certificate. Works fine and encrypts the file.
2.Decrypt-- it asks for my password. Works fine and decrypts the file
3.Encrypt a file again without shutting down. Works fine and encrypts the file.
4.Decrypt a file again without shutting down -- it does NOT ask for my password and just decrypts the file.
Comment 1 jr 2014-01-04 05:24:21 UTC 
I meant restart the "computer" not "program".
Comment 2 jr 2014-01-04 06:04:38 UTC 
One other note, it seems to work fine (so that it asks for a password for decryption) after several minutes elapse however the behaviour is as described at least for the first few minutes after the 3rd step above.
Comment 3 Andre Heinecke 2015-09-10 18:19:11 UTC 
The gpg-agent does the caching so this would be a gnupg "bug" but this is intentional behavior which can be configured.

Kleopatra offers UI for this configuration:
Settings -> Configure Kleopatra -> GnuPG System -> GPG Agent -> "set maximum PIN cache lifetime to N seconds"
change this to zero.