Using gpg-agent

From Sidiprojects Wiki
Revision as of 23:24, 12 November 2015 by David

Unfinished

The two key things missing from all extant guides for using gpg-agent rather than ssh-agent are: specification of the pinentry program, and setting SSH_AUTH_SOCK. You'll also need to add your key using ssh-add, and set sensible cache timeouts.

setting pinentry and other options for gpg-agent

Copy this to ~/.gnupg/gpg-agent.conf:

 # let gpg-agent act as an ssh-agent (it then also listens on S.gpg-agent.ssh)
 enable-ssh-support
 # ssh key passphrases stay cached 8 hours after last use, 12 hours at most
 default-cache-ttl-ssh 28800
 max-cache-ttl-ssh 43200
 # the dialog program gpg-agent runs to prompt for passphrases
 pinentry-program /usr/bin/pinentry-gtk-2

modifying .xsessionrc

Add this to $HOME/.xsessionrc (some may not be necessary; I will update this):

 GPGAGENT=/usr/local/bin/gpg-agent
 envfile="$HOME/.gnupg/gpg-agent.env"
 # Reuse the running agent if the env file exists and the PID recorded in
 # GPG_AGENT_INFO (socket:pid:protocol) still answers to kill -0.
 if [ -e "$envfile" ] && kill -0 "$(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2)" 2>/dev/null; then
   eval "$(cat "$envfile")"
   echo "ran $(cat "$envfile")" >> "$HOME/gpgagent_debug"
 else
   # Otherwise start a fresh agent and let it write GPG_AGENT_INFO to the env file.
   eval "$($GPGAGENT --daemon --enable-ssh-support --write-env-file "$envfile")"
   echo "did $GPGAGENT --daemon --enable-ssh-support --write-env-file $envfile" >> "$HOME/gpgagent_debug"
 fi
 export GPG_AGENT_INFO  # the env file does not contain the export statement
 # Make sure a leftover ssh-agent PID does not shadow the gpg-agent socket.
 unset SSH_AGENT_PID
 if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
   export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
   echo "did export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$HOME/gpgagent_debug"
 fi
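The snippet above silently relies on three things: a complete gpg-agent.conf, a live PID in the `GPG_AGENT_INFO=socket:pid:protocol` line of the env file (the field that `cut -d: -f2` reads), and an SSH socket next to the agent socket. The following preflight checks, added here as example code that is not part of the wiki page, verify each of those before you trust SSH_AUTH_SOCK; the function names and the `.ssh` suffix rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki: preflight checks for a gpg-agent-as-ssh-agent
# setup. Function names are assumptions chosen for illustration.

# 0 if gpg-agent.conf ($1) enables SSH support and names a pinentry program.
gpgagent_conf_ok() {
  conf="$1"
  [ -r "$conf" ] || return 1
  grep -q '^enable-ssh-support' "$conf" || return 1
  grep -q '^pinentry-program[[:space:]]' "$conf" || return 1
  return 0
}

# Print the PID stored in a --write-env-file style env file ($1):
#   GPG_AGENT_INFO=/path/to/S.gpg-agent:12345:1
gpgagent_env_pid() {
  grep '^GPG_AGENT_INFO=' "$1" | cut -d: -f2
}

# 0 if the agent whose PID is recorded in env file $1 is still running.
gpgagent_alive() {
  pid=$(gpgagent_env_pid "$1")
  [ -n "$pid" ] || return 1
  kill -0 "$pid" 2>/dev/null
}

# Print the path SSH_AUTH_SOCK should point at, derived from the agent socket
# in GPG_AGENT_INFO (assumption: S.gpg-agent -> S.gpg-agent.ssh, same directory).
gpgagent_ssh_sock() {
  sock=$(grep '^GPG_AGENT_INFO=' "$1" | cut -d= -f2- | cut -d: -f1)
  [ -n "$sock" ] || return 1
  printf '%s.ssh\n' "$sock"
}

# Run every check against gpg-agent.conf ($1) and the env file ($2); returns 0
# only if the config is complete, the agent is alive and the ssh socket exists.
gpgagent_preflight() {
  gpgagent_conf_ok "$1" || { echo "gpg-agent.conf incomplete" >&2; return 1; }
  gpgagent_alive "$2"   || { echo "agent recorded in $2 is not running" >&2; return 1; }
  sock=$(gpgagent_ssh_sock "$2") || return 1
  [ -S "$sock" ] || { echo "ssh socket $sock missing" >&2; return 1; }
}
```

Call `gpgagent_preflight ~/.gnupg/gpg-agent.conf ~/.gnupg/gpg-agent.env` from .xsessionrc after the block above; a non-zero exit means `ssh-add` would not reach gpg-agent.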