
Using GPG with an agent

Like SSH, GPG lets you use an agent to cache your PassPhrase in memory for a time, and provide it back to GPG when you would otherwise have to retype it.

On Debian/Ubuntu:

apt-get install gnupg-agent pinentry-curses

pinentry is a program that securely accepts your passphrase. There are GTK and Qt versions available for X users.

To start the GPG agent, run eval `gpg-agent --daemon` (I keep this in my ~/.bashrc).

You configure the agent in ~/.gnupg/gpg-agent.conf. A sample:

default-cache-ttl 3600
pinentry-program /usr/bin/pinentry-curses

This caches the pin for 3600 seconds (1 hour) and uses the curses (text mode) pin entry program.

The first time you run gpg, and would have to enter your passphrase, the pinentry program will pop up and ask for it for you. It will then be cached for the defined TTL, so you won't be asked for it again. This is useful if you're doing anything that does more than one GPG operation, such as running a script to sign two files.

I am not prompted for a passphrase when I should be

You need a passphrase to unlock the secret key for
user: "IT Partners <packages@itpartners.co.nz>"
1024-bit DSA key, ID xxxxxxx, created 2005-04-21

gpg: cancelled by user
gpg: skipped "xxxxxxxx": bad passphrase

Why wasn't I prompted for the passphrase? pinentry-curses needs a TTY to draw its prompt on. If GPG_TTY isn't set it can't find one when gpg is run from a script, so it gives up and gpg reports "cancelled by user" instead of asking you.

export GPG_TTY=`tty` in your .bashrc will fix this for you (the variable has to be exported so that gpg and pinentry, which run as child processes of your shell, can see it).
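As an added example (not from the original page), here is a small POSIX sh script that ties the above together: it reads default-cache-ttl from gpg-agent.conf, exports GPG_TTY so pinentry-curses has a terminal when gpg is run from a script, and then signs several files in one run so the passphrase is only entered once. The function names and the 600 second fallback (GnuPG's documented default for default-cache-ttl) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original page.

# Print the cache TTL from a gpg-agent.conf (default: ~/.gnupg/gpg-agent.conf).
# Falls back to 600 seconds, which is GnuPG's own default for default-cache-ttl.
agent_cache_ttl() {
    conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
    if [ -r "$conf" ]; then
        awk '$1 == "default-cache-ttl" { ttl = $2 }
             END { print (ttl == "" ? 600 : ttl) }' "$conf"
    else
        echo 600
    fi
}

# Make sure pinentry-curses will have a terminal to draw on.  Returns 1 when
# there is no TTY at all (for example under cron), which is exactly the case
# that otherwise ends in "gpg: cancelled by user".
ensure_gpg_tty() {
    if [ -n "$GPG_TTY" ]; then
        export GPG_TTY      # already chosen by the user: just make sure it is exported
        return 0
    fi
    GPG_TTY=$(tty 2>/dev/null) || return 1
    export GPG_TTY
}

# Detach-sign every file given.  Only the first signature prompts via
# pinentry; the rest reuse the cached passphrase until the TTL expires.
sign_files() {
    for f in "$@"; do
        gpg --use-agent --detach-sign --armor --output "$f.asc" "$f" || return 1
    done
}

main() {
    if ! ensure_gpg_tty; then
        echo "no TTY available for pinentry; set GPG_TTY or run interactively" >&2
        exit 1
    fi
    echo "agent caches the passphrase for $(agent_cache_ttl) seconds"
    sign_files "$@"
}

# Only do real work when files are given, e.g.:  sh sign.sh foo.tar.gz bar.deb
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```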
