prevent gpg from caching passphrase

How can I prevent gpg from caching passphrases? (when using symmetric encryption on individual files)

From man gpg2

“gpg2 caches the passphrase used for symmetric encryption so that a decrypt operation may not require that the user needs to enter the passphrase. The option --no-symkey-cache can be used to disable this feature.”

If you do not want to always invoke this option manually, but want to have it permanently set, put it in your $HOME/.gnupg/gpg.conf file without the leading dashes, so it looks like so:


This is the general way you make gpg options permanent: put it in ~/.gnupg/gpg.conf without the leading dashes. One other option that may be useful for security reasons is

output -

When putting this in gpg.conf, gpg generally outputs stuff to stdout, unless you give a filename.
The security implication is, sometimes it might happen that gpg writes plain text stuff automatically to disk, without you noticing it. This option prevents this: gpg writes to disk only when told so, nothing will be written to disk automatically. You just have to keep in mind to use the -o option to write to specific files when desired.

If there is no gpg.conf file you may have to create it, but I think it should exist.

If there is no “gpg.conf”, then there is probably a file “options” which is the old name for the configuration file and should still be supported.

I didn’t have a ~/.gnupg/gpg.conf file, so I made one with the no-symkey-cache line, and now caching indeed seems disabled.

Thank you!
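The steps discussed in this thread, as an added example that is not part of any of the original posts: a small POSIX shell helper that creates gpg.conf if it is missing and adds an option only when no uncommented line already sets it. The function names `gpg_home` and `ensure_gpg_option` are hypothetical; the option lines `no-symkey-cache` and `output -` are the ones given above.

```shell
#!/bin/sh
# Added example: idempotently set options in gpg.conf.
# gpg_home and ensure_gpg_option are hypothetical helper names.

# GnuPG home directory: $GNUPGHOME if set, otherwise ~/.gnupg.
gpg_home() {
    printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}"
}

# ensure_gpg_option NAME [VALUE]
# Appends "NAME" or "NAME VALUE" (no leading dashes) to gpg.conf unless
# a non-comment line in the file already starts with NAME.
ensure_gpg_option() {
    opt=$1
    val=${2-}
    dir=$(gpg_home)
    conf=$dir/gpg.conf

    # Keep the directory and file private to the current user; gpg warns
    # about unsafe permissions on a home directory open to other users.
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; }
    [ -f "$conf" ] || ( umask 077 && : > "$conf" )

    # Already set? Lines starting with '#' do not match this pattern.
    if grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$conf"; then
        return 0
    fi

    # If the file does not end with a newline, add one before appending.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf '%s\n' "${opt}${val:+ $val}" >> "$conf"
}

# When run as a script with arguments, apply them, e.g.:
#   sh set-gpg-option.sh no-symkey-cache
#   sh set-gpg-option.sh output -
if [ "$#" -gt 0 ]; then
    ensure_gpg_option "$@"
fi
```

Running it twice with the same option leaves a single line in the file, so it is safe to call from a dotfiles or provisioning script.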