This function is usually used to ask for a passphrase to be used for symmetric encryption, but may also be used by programs which need special handling of passphrases. This command uses a syntax which helps clients to use the agent with minimum effort.
GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] cache_id [error_message prompt description]
cache_id is expected to be a string used to identify a cached
passphrase. Use a
X to bypass the cache. With no other
arguments the agent returns a cached passphrase or an error. By
convention either the hexified fingerprint of the key shall be used for
cache_id or an arbitrary string prefixed with the name of the
calling application and a colon: Like
error_message is either a single
X for no error message or
a string to be shown as an error message like (e.g. "invalid
passphrase"). Blanks must be percent escaped or replaced by
prompt is either a single
X for a default prompt or the
text to be shown as the prompt. Blanks must be percent escaped or
description is a text shown above the entry field. Blanks must be
percent escaped or replaced by
The agent either returns with an error or with a OK followed by the hex encoded passphrase. Note that the length of the strings is implicitly limited by the maximum length of a command. If the option --data is used, the passphrase is not returned on the OK line but by regular data lines; this is the preferred method.
If the option --check is used, the standard passphrase constraints checks are applied. A check is not done if the passphrase has been found in the cache.
If the option --no-ask is used and the passphrase is not in the
cache the user will not be asked to enter a passphrase but the error
GPG_ERR_NO_DATA is returned.
If the option --qualitybar is used and a minimum passphrase length has been configured, a visual indication of the entered passphrase quality is shown.
may be used to invalidate the cache entry for a passphrase. The function returns with OK even when there is no cached passphrase.