PSA: Make sure your GPG agent times out after an idle period

When I started using Linux Mint 17.2 recently I noticed that the GPG agent doesn’t timeout after an idle period. Instead the GPG agent caches the keys until the end of the session. This is a major security issue because I always suspend my laptop instead of shutting it down, which means that anyone with access to my laptop has access to my SSH and GPG keys which can be dangerous.

The easiest way to solve this is to change the Gnome Keyring settings. To do this install dconf-tools

sudo apt-get install dconf-tools

Then run dconf-editor from the terminal and modify the value of gpg-cache-method, which is under desktop -> gnome -> crypto -> cache, to idle.

Now the Gnome Keyring should ask for a password if a gpg key isn’t used for 300 seconds.