How to make `git commit --gpg-sign` remember the SSH key password until I log out?
Dec 7, 11:28pm

To make git commit --gpg-sign remember your SSH key password (or more accurately, your GPG key passphrase) until you log out, you need to use a credential helper or agent that caches your passphrase. Here’s how you can achieve this:


1. Use gpg-agent to Cache Your Passphrase

gpg-agent is the standard way to cache GPG passphrases. It can be configured to remember your passphrase for a set period or until you log out.

Steps:

  1. Edit or create the gpg-agent configuration file: Open or create ~/.gnupg/gpg-agent.conf and add the following lines:

    default-cache-ttl 34560000
    max-cache-ttl 34560000
    • default-cache-ttl sets the default cache time (in seconds). 34560000 is roughly 1 year, but you can set it to 0 to cache until logout.
    • max-cache-ttl sets the maximum cache time.
  2. Restart gpg-agent: Run the following command to restart the agent:

    gpgconf --kill gpg-agent
    gpgconf --launch gpg-agent
  3. Ensure gpg-agent is used by Git: Add the following to your shell configuration file (e.g., ~/.bashrc, ~/.zshrc):

    export GPG_TTY=$(tty)

    Then, reload your shell configuration:

    source ~/.bashrc # or source ~/.zshrc

2. Use ssh-agent for SSH Keys (if applicable)

If you are using an SSH key for GPG signing (via ssh-agent), you can also configure ssh-agent to cache your passphrase.

Steps:

  1. Start ssh-agent and add your key:

    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/your_private_key

    You will be prompted for your passphrase once, and it will be cached until you log out.

  2. Configure Git to use SSH for GPG signing: If you are using SSH for GPG signing (e.g., with gpg.format=ssh), ensure your Git config is set up correctly:

    git config --global gpg.format ssh
    git config --global user.signingkey ~/.ssh/your_private_key.pub

3. Verify Your Setup

  • Test your setup by running:

    echo "test" | gpg --clearsign

    You should not be prompted for your passphrase if the cache is working.

  • Test a signed Git commit:

    git commit --gpg-sign -m "Test signed commit"

Summary Table

GPG/SSH Passphrase Caching Methods

    gpg-agent | ~/.gnupg/gpg-agent.conf | gpgconf --kill gpg-agent | Cache until logout with default-cache-ttl 0
    ssh-agent | N/A | eval "$(ssh-agent -s)" | Cache until logout by default

Dec 7, 11:28pm
