If anyone does have an answer for this I'll add it to the FAQ section of the website.
I had the same question and have made some progress with it.
The password is now cached after the first encryption and the following accesses are made without having to enter the password.
There is a cache of one hour on my machine; see below for some options to increase this. I'm using gpg and gpg-agent on Debian. I haven't configured this on my Mac yet, but gpg2 is available so it should probably work.
Here is the config I'm using:
    (require 'org-crypt)
    (require 'epa-file)
    (epa-file-enable)
    (org-crypt-use-before-save-magic)
    (setq org-tags-exclude-from-inheritance (quote ("crypt")))
    (setq org-crypt-key "")
    ;; this makes gpg ask gpg-agent instead of emacs
    (setf epa-pinentry-mode 'ask)
Setting epa-pinentry-mode to "ask" is what made password caching work, as it now asks gpg-agent instead of Emacs.
Here is some info from epg-config.el regarding this variable:
Note: This variable is obsolete since 27.1, use ‘epg-pinentry-mode’ instead. GnuPG 2.1 or later has an option to control the behavior of Pinentry invocation. The value should be the symbol ‘error’, ‘ask’, ‘cancel’, or ‘loopback’. See the GnuPG manual for the meanings.
From man gpg:
--pinentry-mode mode
    ask: Force the use of the Pinentry.
    loopback: Redirect Pinentry queries to the caller.
Here are some options from man gpg-agent which can extend the time during which the key is cached:
--default-cache-ttl n
    Set the time a cache entry is valid to n seconds. The default is 600 seconds. Each time a cache entry is accessed, the entry’s timer is reset. To set an entry’s maximum lifetime, use max-cache-ttl. Note that a cached passphrase may not be evicted immediately from memory if no client requests a cache operation. This is due to an internal housekeeping function which is only run every few seconds.
--max-cache-ttl n
    Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds).
I have not tested this but these options can be set in the gpg-agent config file:
The default configuration file is named ‘gpg-agent.conf’ and expected in the ‘.gnupg’ directory directly below the home directory of the user.
Some more info I came across:
Overview of options for caching passphrases depending on gpg versions:
I hope this works for you.
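
An added example, not part of the post above and not GnuPG's own code: a shell function that writes the two cache options quoted from man gpg-agent into gpg-agent.conf, replacing earlier settings and rejecting a default-cache-ttl larger than max-cache-ttl. The function names and the 3600/28800 values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: set passphrase cache lifetimes in a gpg-agent.conf file.
# Usage: set_agent_ttl CONF_FILE DEFAULT_TTL MAX_TTL   (TTLs in seconds)
set_agent_ttl() {
    conf=$1 default_ttl=$2 max_ttl=$3

    # Both values must be plain non-negative integers.
    for v in "$default_ttl" "$max_ttl"; do
        case $v in
            ''|*[!0-9]*) echo "not a number of seconds: $v" >&2; return 2 ;;
        esac
    done

    # max-cache-ttl expires an entry even if it was used recently, so a
    # default-cache-ttl above it would never take effect.
    if [ "$default_ttl" -gt "$max_ttl" ]; then
        echo "default-cache-ttl ($default_ttl) exceeds max-cache-ttl ($max_ttl)" >&2
        return 2
    fi

    dir=$(dirname "$conf")
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/gpg-agent.conf.XXXXXX") || return 1

    # Keep every existing line except earlier settings of the two options.
    # (default-cache-ttl-ssh and other options are left untouched.)
    if [ -f "$conf" ]; then
        grep -Ev '^[[:space:]]*(default|max)-cache-ttl([[:space:]]|$)' "$conf" \
            > "$tmp" || [ $? -eq 1 ] || return 1
    fi
    {
        echo "default-cache-ttl $default_ttl"
        echo "max-cache-ttl $max_ttl"
    } >> "$tmp"

    # The config stays readable by its owner only, then replaces the old file.
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Make a running agent re-read its configuration.
reload_agent() {
    gpgconf --reload gpg-agent
}

# Example (assumed values): cache for 1 hour after last use, 8 hours at most.
# set_agent_ttl "$HOME/.gnupg/gpg-agent.conf" 3600 28800 && reload_agent
```

A longer TTL keeps the passphrase in the agent's memory for that long, so anyone with access to the unlocked session can decrypt without being prompted.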