Using gpg-agent: Difference between revisions

Revision as of 23:33, 12 November 2015

Unfinished

The two key things missing from all extant guides for using gpg-agent rather than ssh-agent are: specification of the pinentry program, and setting SSH_AUTH_SOCK. You'll also need to add your key using ssh-add, and set nice timeouts.

generate your keys

Use the guide on secure secure shell in PrivacyGroup#other tools to generate strong keys.

getting gpg-agent to run on startup with ssh support

Copy this to .gnupg/gpg-agent.conf:

 enable-ssh-support

setting good timeouts

Copy this to .gnupg/gpg-agent.conf:

 default-cache-ttl-ssh 28800
 max-cache-ttl-ssh 43200

setting pinentry and other options for gpg-agent

Copy this to .gnupg/gpg-agent.conf:

 pinentry-program /usr/bin/pinentry-gtk-2

modifying .xsessionrc

Add this to $HOME/.xsessionrc (some may not be necessary; I will update this):

 GPGAGENT=/usr/local/bin/gpg\-agent
 envfile="$HOME/.gnupg/gpg-agent.env"
 if -e "$envfile"  && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
   eval "$(cat "$envfile")"
   echo ran $(cat "$envfile") >> $HOME/gpgagent_debug
 else
   eval "$($GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile")"
   #echo did $GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile" >> $HOME/gpgagent_debug
 fi
 export GPG_AGENT_INFO  # the env file does not contain the export statement
 unset SSH_AGENT_PID
 if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
   export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
   #echo did export SSH_AUTH_SOCK=$SSH_AUTH_SOCK >> $HOME/gpgagent_debug
 fi

After restarting (or just restarting X, if you know how...), do

 gpg-agent

on its own to tell if the agent is running.

Using gpg-agent: Difference between revisions

Revision as of 23:33, 12 November 2015

Contents

generate your keys

getting gpg-agent to run on startup with ssh support

setting good timeouts

setting pinentry and other options for gpg-agent

modifying .xsessionrc

Navigation menu

@@ Line 3: / Line 3: @@
 The two key things missing from all extant guides for using gpg-agent rather than ssh-agent are: specification of the pinentry program, and setting SSH_AUTH_SOCK. You'll also need to add your key using ssh-add, and set nice timeouts.
-==setting pinentry and other options for gpg-agent==
+==generate your keys==
+Use the guide on secure secure shell in [[PrivacyGroup#other tools]] to generate strong keys.
+==getting gpg-agent to run on startup with ssh support==
 Copy this to .gnupg/gpg-agent.conf:
    enable-ssh-support
+==setting good timeouts==
+Copy this to .gnupg/gpg-agent.conf:
    default-cache-ttl-ssh 28800
    max-cache-ttl-ssh 43200
+==setting pinentry and other options for gpg-agent==
+Copy this to .gnupg/gpg-agent.conf:
    pinentry-program /usr/bin/pinentry-gtk-2
@@ Line 20: / Line 29: @@
    else
      eval "$($GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile")"
-     echo did $GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile" >> $HOME/gpgagent_debug
+     #echo did $GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile" >> $HOME/gpgagent_debug
    fi
    export GPG_AGENT_INFO  # the env file does not contain the export statement
@@ Line 26: / Line 35: @@
    if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
      export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
-     echo did export SSH_AUTH_SOCK=$SSH_AUTH_SOCK >> $HOME/gpgagent_debug
+     #echo did export SSH_AUTH_SOCK=$SSH_AUTH_SOCK >> $HOME/gpgagent_debug
    fi
+After restarting (or just restarting X, if you know how...), do
+  gpg-agent
+on its own to tell if the agent is running.

Using gpg-agent: Difference between revisions

Revision as of 23:33, 12 November 2015

generate your keys

getting gpg-agent to run on startup with ssh support

setting good timeouts

setting pinentry and other options for gpg-agent

modifying .xsessionrc

Navigation menu

Search