browserpass-native icon indicating copy to clipboard operation
browserpass-native copied to clipboard
verified publisher icon browserpass

No longer prompted for pinentry when showing passwords

Open chumb3rs opened this issue 10 months ago • 2 comments

I set up pass store and the associated browser extension and native client after which everything worked as expected.

However, after a short period, I was no longer prompted to enter my master password for the gpg account. This is the case when using the browser extension as well as when using the CLI for pass store, so perhaps this is not the correct place to raise this issue. I waited up to 24 hours without showing passwords to be sure that the prompt (i.e. pinentry) no longer shows.

The only thing I can remember doing differently on one occasion was exiting out of the pinentry-mac window via esc rather than entering the password. I wonder whether the gpg-agent is permanently caching my master password, which is not ideal.

I have tried killing the gpg-agent but to no effect.

System:

  1. MacOS Sequoia 15.3
  2. pass --version => v1.7.4 (installed with brew)
  3. Using Brave Browser
  4. Using pinentry-mac

Thank you in advance if you have any suggestions!

chumb3rs avatar Feb 12 '25 00:02 chumb3rs

Hello! Just to clarify, browserpass is able to decrypt the passwords, so everything works as expected, it's only that you expect to be prompted for master password every time you use browserpass (or pass) and it only happens for the very first time and that's it?

If yes, could it be that you are looking for one of these settings for your gpg-agent.conf?

default-cache-ttl N
max-cache-ttl N

max-baz avatar Feb 12 '25 10:02 max-baz

Hi! That is correct, browserpass still works as expected, but I do want to have to input my password after a certain period. I set these variables to 30 and 60 respectively, killed and restarted the agent. However I am not seeing any different behaviour unfortunately

chumb3rs avatar Feb 13 '25 07:02 chumb3rs