Using GnuPG and its daemon gpg-agent
Found how to properly use gpg-agent from http://tr.opensuse.org/SDB:Using_gpg-agent
Following that, my gpg-agent daemon is caching my GnuPG passwords properly now. There was nothing wrong with my setup, just that I didn't know how to test whether my GnuPG passwords are caching properly or not.
Now, I do:
echo "test" | gpg -ase -r 0xMYKEYID | gpg
From the site: "Replace 0xMYKEYID with your GnuPG key ID. While running this command, the agent should open a graphical password dialog twice: first for signing or encrypting (gpg -ase) then for decryption or signature check (| gpg). From now on, every time GnuPG is used (either from the command line or embedded in a graphical program such as KMail), gpg-agent's password will be passed automatically (until the time-out expires or the graphical interface is closed)."
And to avoid the caching expiration, I have now set an extremely long timeout period:
$ cat ~/.gnupg/gpg-agent.conf
max-cache-ttl 60480000
default-cache-ttl 60480000
xpt
Updated on September 18, 2022
Comments
-
xpt over 1 year
I'm using gpg-agent to remember and supply my GnuPG password when building Debian/Ubuntu packages. But I'm still confused how gpg-agent works. I invoke gpg-agent as: eval $(gpg-agent --daemon)
It works sometimes. But what bothers me is that sometimes it doesn't work. I.e., sometimes the building process asks for my GnuPG passwords once, sometimes none, and sometimes many times. This all happens during one single bash session, after I've invoked gpg-agent as before. Not being asked for password this time doesn't guarantee that I won't get asked for password next time. I still haven't figured out why gpg decides to prompt me for password and why it doesn't. Does it happen to you as well?
Thanks
-
Admin over 9 years
In Emacs, for GNUS and .authinfo.gpg, I got a hint to use gpg2, which gpg-agent is associated with. So (setq epg-gpg-program "/usr/bin/gpg2") worked for me. Perhaps you will have to discover which of your applications are having the issue, they may be preferring gpg(1).
-
Sean the Bean almost 8 years
According to linux.die.net/man/1/gpg-agent, you can also add --write-env-file "${HOME}/.gpg-agent-info" when starting gpg-agent and then add
if [ -f "${HOME}/.gpg-agent-info" ]; then . "${HOME}/.gpg-agent-info"; export GPG_AGENT_INFO; fi
to your .bashrc to detect whether the agent is already running. Seems like a bit cleaner solution.
-
xpt almost 8 years
@SeantheBean, excellent. I'll test it out and get back to you...
-
xpt over 4 years
WARNING: "--write-env-file" is an obsolete option - it has no effect since at least Apr 4 '16. Ref: serverfault.com/a/481174
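
Added example (not part of the original post or its comments): a shell sketch for the two things the answer at the top is about, namely whether the agent currently holds a cached passphrase and how long the configured TTLs let it stay cached. The function names and the sample keygrips are constructed for illustration; the 600 s and 7200 s fallbacks are gpg-agent's documented defaults.

```shell
#!/bin/sh
# Added example, not from the original post. Keygrips below are constructed
# placeholders (real ones are 40 hex digits).

# Filter the status lines printed by
#   gpg-connect-agent 'keyinfo --list' /bye
# Format: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# <cached> is "1" when the passphrase is in the agent's cache, "-" otherwise.
cached_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" && $7 == "1" { print $3 }'
}

# Value of one numeric gpg-agent.conf option, or the given default when unset.
# If the option is repeated, this sketch keeps the last value it sees.
conf_ttl() {  # usage: conf_ttl <option> <default> <conf-file>
    [ -r "$3" ] || { echo "$2"; return 0; }
    awk -v opt="$1" -v def="$2" '
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print (val == "" ? def : val) }' "$3"
}

# How long a cached passphrase can live under a config file.
# 600 s and 7200 s are gpg-agent's documented defaults.
ttl_report() {  # usage: ttl_report <conf-file>
    idle=$(conf_ttl default-cache-ttl 600 "$1")
    max=$(conf_ttl max-cache-ttl 7200 "$1")
    # max-cache-ttl expires an entry even if recently used, so it caps idle.
    if [ "$idle" -gt "$max" ]; then idle=$max; fi
    echo "idle=${idle}s max=${max}s max_days=$((max / 86400))"
}

# Constructed sample of agent output: one cached key, one not cached.
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO KEYGRIP_CACHED_PLACEHOLDER D - - 1 P - - -
S KEYINFO KEYGRIP_UNCACHED_PLACEHOLDER D - - - P - - -
OK
EOF
}

sample_keyinfo | cached_keygrips            # offline demo on the sample
ttl_report "${HOME}/.gnupg/gpg-agent.conf"  # falls back to defaults if absent
```

Against a live agent, pipe `gpg-connect-agent 'keyinfo --list' /bye` into `cached_keygrips` instead of the sample; with the values from the answer, `ttl_report` shows the passphrase can stay cached for 700 days.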