Using GnuPG and its daemon gpg-agent


Found how to properly use gpg-agent from http://tr.opensuse.org/SDB:Using_gpg-agent

Following that, my gpg-agent daemon is caching my GnuPG passwords properly now. There was nothing wrong with my setup, just that I didn't know how to test whether my GnuPG passwords are being cached properly or not.

Now, I do:

echo "test" | gpg -ase -r 0xMYKEYID | gpg

From the site: "Replace 0xMYKEYID with your GnuPG key ID. While running this command, the agent should open a graphical password dialog twice: first for signing or encrypting (gpg -ase) then for decryption or signature check (| gpg). From now on, every time GnuPG is used (either from the command line or embedded in a graphical program such as KMail), gpg-agent's password will be passed automatically (until the time-out expires or the graphical interface is closed)."

And to avoid the caching expiration, I have now set an extremely long timeout period:

$ cat ~/.gnupg/gpg-agent.conf
max-cache-ttl 60480000
default-cache-ttl 60480000

Author: xpt

Updated on September 18, 2022
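
An added example, not part of the original answer: a non-interactive way to see whether gpg-agent currently holds a cached passphrase, plus a check of the cache TTLs in gpg-agent.conf. The function names, the sample data and the one-day limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data below is constructed.

# Print the keygrip of every key whose passphrase the agent has cached.
# Input: output of  gpg-connect-agent 'keyinfo --list' /bye
# Layout: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> ...
cached_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" && $7 == "1" { print $3 }'
}

# effective_ttl <option> <default>: value of <option> in a gpg-agent.conf
# read from stdin (last occurrence wins here), or <default> if absent.
effective_ttl() {
    awk -v opt="$1" -v def="$2" '
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print (val == "" ? def : val) }'
}

# audit_conf <limit>: print both cache TTLs from a gpg-agent.conf on stdin;
# return non-zero if either exceeds <limit> seconds.
# 600 and 7200 are gpg-agent's documented defaults.
audit_conf() {
    conf=$(cat)
    d=$(printf '%s\n' "$conf" | effective_ttl default-cache-ttl 600)
    m=$(printf '%s\n' "$conf" | effective_ttl max-cache-ttl 7200)
    echo "default-cache-ttl=${d}s max-cache-ttl=${m}s"
    [ "$d" -le "$1" ] && [ "$m" -le "$1" ]
}

sample_keyinfo() {   # constructed agent reply: first key cached, second not
    cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
OK
EOF
}

sample_conf() {      # the values shown in the answer above
    cat <<'EOF'
max-cache-ttl 60480000
default-cache-ttl 60480000
EOF
}

echo "cached: $(sample_keyinfo | cached_keygrips)"
sample_conf | audit_conf 86400 || echo "TTL above one day (86400s limit)"
```

On a live system, pipe the output of gpg-connect-agent 'keyinfo --list' /bye into cached_keygrips and feed ~/.gnupg/gpg-agent.conf to audit_conf. Sending the agent SIGHUP (gpg-connect-agent reloadagent /bye) flushes all cached passphrases, whatever the TTLs are.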

Comments

  • xpt
    xpt over 1 year

    I'm using gpg-agent to remember and supply my GnuPG password when building Debian/Ubuntu packages. But I'm still confused about how gpg-agent works. I invoke gpg-agent as:

    eval $(gpg-agent --daemon)
    

    It works sometimes. But what bothers me is that sometimes it doesn't work. I.e., sometimes the building process asks for my GnuPG passwords once, sometimes none, and sometimes many times. This all happens during one single bash session, after I've invoked gpg-agent as before. Not being asked for a password this time doesn't guarantee that I won't get asked for a password next time. I still haven't figured out why gpg decides to prompt me for a password and why it doesn't.

    Does it happen to you as well?

    Thanks

    • Admin
      Admin over 9 years
      In Emacs, for GNUS and .authinfo.gpg, I got a hint to use gpg2, which gpg-agent is associated with. So (setq epg-gpg-program "/usr/bin/gpg2") worked for me. Perhaps you will have to discover which of your applications are having the issue, they may be preferring gpg (1).
  • Sean the Bean
    Sean the Bean almost 8 years
    According to linux.die.net/man/1/gpg-agent, you can also add --write-env-file "${HOME}/.gpg-agent-info" when starting gpg-agent and then add if [ -f "${HOME}/.gpg-agent-info" ]; then . "${HOME}/.gpg-agent-info"; export GPG_AGENT_INFO; fi to your .bashrc to detect whether the agent is already running. Seems like a bit cleaner solution.
  • xpt
    xpt almost 8 years
    @SeantheBean, excellent. I'll test it out and get back to you...
  • xpt
    xpt over 4 years
    WARNING: "--write-env-file" is an obsolete option - it has no effect since at least Apr 4 '16. Ref: serverfault.com/a/481174