From the docs:
"--symmetric [...] gpg caches the passphrase used for symmetric encryption so that a decrypt operation may not require that the user needs to enter the passphrase. The option --no-symkey-cache can be used to disable this feature."
Is it just me, or is that a rather ridiculous default? Meaning, that by default anyone with access to the shell can decrypt the file without knowing the passphrase while the password is still in cache from the encryption process.
Can be "fixed" by adding --no-symkey-cache
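Added example, not part of the original post: a small POSIX shell audit that checks whether a gpg.conf turns the cache off for every call, and lists the lines of a script that run gpg --symmetric without --no-symkey-cache. The function names and sample files are constructed for illustration; it assumes the option is written in gpg.conf without the leading dashes and only matches the long form --symmetric.

```shell
#!/bin/sh
# Added example (not from the original post): audit for --no-symkey-cache.

# Return 0 if the config file has an active "no-symkey-cache" line.
# Assumption: gpg.conf takes long option names without the leading "--".
# Commented-out lines start with "#" and so never match the exact name.
conf_disables_symkey_cache() {
    conf=$1
    [ -r "$conf" ] || return 2
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf" |
        grep -qx 'no-symkey-cache'
}

# Print the line numbers in a script where gpg is called with --symmetric
# but without --no-symkey-cache (comment lines are skipped).
unguarded_symmetric_calls() {
    awk '!/^[ \t]*#/ && /gpg/ && /--symmetric/ && !/--no-symkey-cache/ { print NR }' "$1"
}

# Demo on constructed sample files.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/gpg.conf" <<'EOF'
armor
# no-symkey-cache
EOF
    cat > "$dir/backup.sh" <<'EOF'
gpg --symmetric backup.tar
gpg --symmetric --no-symkey-cache secrets.txt
# gpg --symmetric old.txt
EOF
    if conf_disables_symkey_cache "$dir/gpg.conf"; then
        echo "gpg.conf: symmetric passphrase cache disabled"
    else
        echo "gpg.conf: no-symkey-cache not set, check each call:"
        for n in $(unguarded_symmetric_calls "$dir/backup.sh"); do
            echo "  backup.sh line $n: --symmetric without --no-symkey-cache"
        done
    fi
    rm -rf "$dir"
}

demo
```

Point the two functions at the real gpg.conf and at the scripts that encrypt files to see where the default still applies.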