ruby-gpgme icon indicating copy to clipboard operation
ruby-gpgme copied to clipboard

Published 20 hours ago verified publisher icon ueno

Key Management

Open acovrig opened this issue 3 years ago • 1 comments

How do I remove a key from the keychain (or purge the keychain)? My current flow is:

User enters password in rails UI, the sidekiq worker does something like GPGME::Key.import(File.open("#{user_id}.ppk")). I am able to decrypt data, however, when the worker is done, I can decrypt data with any password as that key is in memory. I need to remove that key from the keychain the valid password for that key is required to decrypt data again.

acovrig avatar Mar 31 '21 16:03 acovrig

It sounds like the gpg agent might have cached the password. Check out https://unix.stackexchange.com/questions/395875/gpg-does-not-ask-for-password particularly setting up ~/.gnupg/gpg-agent.conf for the sidekiq user (if different that www-data) and pkill gpg-agent to ensure the settings are reloaded. I think setting the cache-ttl settings should help you.

goldstar611 avatar Aug 02 '21 16:08 goldstar611