
Feature Request: Always remember passphrase

Open jgornick opened this issue 2 years ago • 8 comments

First off, great plugin! It's exactly what I was looking for coming from Joplin and the encryption done there.

I wanted to see if it was possible to always remember the passphrase for the key? I see you can provide 0 to disable, but I'm assuming that's to disable remembering the passphrase as I've been prompted to always provide a password.

Any help would be greatly appreciated! Thank you!

jgornick, Dec 19 '23 16:12

Thanks for the feedback. You could set a time of maximum one month. Would this be enough? Please keep in mind that it's only remembering the passphrase while it's running. Closing Obsidian will not write the passphrase to disk.

tejado, Dec 20 '23 09:12

Closing Obsidian will not write the passphrase to disk.

I just installed the plugin. Wasn't clear what Remember passphrase 0 means – "never ask" (for the duration of Obsidian running, as author seems to suggest), or "ask every time". Decided to test, and to my surprise, I am now not getting prompted for the passphrase ever, even after Obsidian is restarted. An encrypted note is encrypted on disk (thankfully), and is displayed decrypted. Edits saved transparently, still encrypted. That is to say, everything works as it should. Except, apparently, Obsidian now knows my passphrase. 😕

@tejado LMK if you want me to spawn this into a separate issue. Cheers!

rubaboo, Jan 15 '24 08:01

UPDATE: Upon finding a clue in discussion #7, my guess is the relevant settings in gpg4win are these:

Happy to report that after closing Obsidian and waiting for a few minutes, I got prompted for the passphrase again when opening the vault.

@tejado I think it would be beneficial to have a blurb in the Readme for people not familiar with gpg and its passphrase caching feature. Also, "Set to 0 to disable" should instead say something like "Set to 0 to remember until Obsidian is closed (see "About passphrase caching" caveat)".

Finally, I'd like to say this is really a game-changing plugin. I'm surprised none of the YouTube influencers featured it yet. 😃 Hope Obsidian does not break it with future updates.

rubaboo, Jan 15 '24 09:01

Just to add to this, yes, I'd say there should be no need to add a "Remember passphrase", and let GPG handle this. No need to create more work, otherwise it's going to become confusing for the user that there's now two places to modify the remember duration.

For GUI GPG interfaces, you just change the duration in the interface, for command-line GPG, you just modify the config, and restart the gpg agent.

Aetherinox, Feb 16 '24 11:02

I understand what you are saying, however, I still think it makes sense to be able to let Obsidian remember its passphrase for the entire time it is running, or for a longer duration anyways, without leaving whatever else one might be using GPG for more exposed.

rubaboo, Feb 16 '24 21:02

without leaving whatever else one might be using GPG for more exposed.

Not sure I get what you mean. Excluding any GUI based applications that can help you edit GPG settings using an interface because of the default config file, this plugin, much like all other GPG-based technologies, requires that GPG be installed.

GPG remembering your passphrase is handled by the agent itself, which has to run as a service even if you want GPG in Obsidian to work.

Changing this involves editing ~/.gnupg/gpg-agent.conf and simply modifying the default value

# in seconds
default-cache-ttl 3600
max-cache-ttl 3600

This setting is global across any service that needs GPG, such as this Obsidian plugin, SSH, GitHub signing, YubiKey GPG signing / encrypting, etc.

Once the cache time on GPG itself runs out, it takes priority over any other application and it will prompt you for your passphrase again in order for the agent to communicate with the program.

And if there were to be some type of passphrase remembered by this Obsidian plugin, it would have to be cached somewhere, potentially in raw format, which is a huge security risk. And then the plugin would have to have some way to inject the passphrase into the GPG agent when it requests for the user to input that passphrase again.

With the config above, that setting is only used by the gpg agent, which has to run for the Obsidian plugin to even operate, so no additional programs need to run for that setting to take effect. If you kill the gpg service, then the Obsidian plugin can't communicate with GPG at all.

And then if you want to not deal with the passphrase at all, there is

allow-preset-passphrase

But I don't recommend that. The point of GPG is for higher security, not allowing the machine to cache the passphrase for an indefinite amount of time.

Aetherinox, Feb 17 '24 00:02

Hi, thanks for the explanation. I totally thought it was the plugin remembering the passphrase. If it does not, then I agree, the setting is superfluous. I'm not proficient enough to comb through the code to find out.

Still hope it does remember the passphrase. The size of the security risk depends on my threat model. If I only want to prevent someone snooping in my vault files at rest, and I don't use that particular key for anything else, then the risk is quite acceptable.

rubaboo, Feb 17 '24 01:02

Sure thing.

Yeah, the handling of the passphrase is completely up to the GPG agent running on your system. I'm not even sure how the developer could do a "remember passphrase" feature for Obsidian, without the risk of the passphrase being retrievable.

Obviously GPG command-line has support for specifying the GPG key passphrase when executing sign / generate / verify commands, but having the plain-text passphrase just sitting there would be a huge issue in my eyes.

To increase the amount of time GPG remembers your passphrase, you can edit the settings I listed above. Such as for mine, I have the following:

Windows: C:\Users\USERNAME\AppData\Roaming\gnupg\gpg-agent.conf
Linux: /home/USERNAME/.gnupg/gpg-agent.conf

enable-putty-support
enable-ssh-support
use-standard-socket
default-cache-ttl-ssh 60
max-cache-ttl-ssh 120
default-cache-ttl 28800 # gpg key cache time
max-cache-ttl 28800 # max gpg key cache time
pinentry-program "C:\Program Files (x86)\Gpg4win\bin\pinentry.exe"
allow-loopback-pinentry
allow-preset-passphrase
pinentry-timeout 0

For SSH, I have the passphrase expire after a few minutes. However, for stuff like encrypting / signing, which is what this Obsidian plugin does, I have the cache time set to 8 hours / 28800 seconds.

You can remove the pinentry settings if you don't need them. There's an explanation of pinentry at https://velvetcache.org/2023/03/26/a-peek-inside-pinentry/ or https://www.gnu.org/software/emacs/manual/html_node/epa/GnuPG-Pinentry.html

After you edit the config, simply restart GPG by opening a terminal or Windows command prompt and executing

gpgconf --kill gpg-agent

Aetherinox, Feb 17 '24 02:02
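The cache-TTL options and allow-preset-passphrase that Aetherinox describes in the two config comments above are plain-text settings in gpg-agent.conf, so the exposure they create can be checked mechanically. The POSIX shell script below is an added example, not code from the obsidian-gpgCrypt plugin or from anyone in this thread: it writes two constructed gpg-agent.conf samples (one mirroring the values quoted above, one tightened), reads each file the way gpg-agent does for these options (one option per line, `#` starts a comment, the last occurrence wins), and flags any cache lifetime above a limit you choose plus the presence of allow-preset-passphrase. The fall-back values of 600 s and 7200 s used when an option is absent are gpg-agent's documented built-in defaults.

```shell
#!/bin/sh
# Added example (not from the plugin or the thread): audit a gpg-agent.conf
# for the passphrase-caching settings discussed in this issue.

# Effective value of one option in a gpg-agent.conf (empty if unset).
# '#' comments are stripped first; the last occurrence wins, as in gpg-agent.
conf_value() {
    sed 's/#.*$//' "$2" | awk -v opt="$1" '$1 == opt { v = $2 } END { print v }'
}

# Exit 0 if a boolean option (one with no value) is present, 1 otherwise.
conf_has() {
    sed 's/#.*$//' "$2" | awk -v opt="$1" 'BEGIN { rc = 1 } $1 == opt { rc = 0 } END { exit rc }'
}

# Audit one config file. $1 = path, $2 = longest cache lifetime in seconds you
# accept (default 28800, the 8 hours quoted above). Prints one line per check
# and returns the number of warnings, so it can be used as a pass/fail gate.
audit_gpg_agent_conf() {
    conf="$1"; limit="${2:-28800}"; warnings=0
    # gpg-agent's built-in defaults apply when the option is absent.
    dct=$(conf_value default-cache-ttl "$conf"); dct="${dct:-600}"
    mct=$(conf_value max-cache-ttl "$conf");     mct="${mct:-7200}"
    for pair in "default-cache-ttl=$dct" "max-cache-ttl=$mct"; do
        name="${pair%%=*}"; val="${pair#*=}"
        if [ "$val" -gt "$limit" ]; then
            echo "WARN $name=$val exceeds the limit of $limit s"
            warnings=$((warnings + 1))
        else
            echo "OK   $name=$val"
        fi
    done
    if conf_has allow-preset-passphrase "$conf"; then
        echo "WARN allow-preset-passphrase lets other programs push a passphrase into the agent cache"
        warnings=$((warnings + 1))
    else
        echo "OK   allow-preset-passphrase not set"
    fi
    return "$warnings"
}

# Constructed sample mirroring the values quoted in the thread (not a real user's file).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
enable-ssh-support
default-cache-ttl-ssh 60
max-cache-ttl-ssh 120
default-cache-ttl 28800 # gpg key cache time
max-cache-ttl 28800 # max gpg key cache time
allow-preset-passphrase
pinentry-timeout 0
EOF

# Constructed tightened variant: short idle timeout, no preset passphrase.
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
default-cache-ttl 600
max-cache-ttl 3600
EOF
trap 'rm -f "$SAMPLE_CONF" "$HARDENED_CONF"' EXIT

# Run both audits with a one-hour limit and report the warning count.
for f in "$SAMPLE_CONF" "$HARDENED_CONF"; do
    echo "== $f =="
    if audit_gpg_agent_conf "$f" 3600; then
        echo "no warnings"
    else
        echo "$? warning(s) found"
    fi
done
```

Running the script prints three warnings for the sample that mirrors the quoted config (both TTLs above one hour, plus allow-preset-passphrase) and none for the tightened one; point `audit_gpg_agent_conf` at the real file paths given above to check your own machine, and remember that after any change the agent must be restarted with `gpgconf --kill gpg-agent` before the new values apply.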