Hacking GPG-Agent

Werner Koch wk at gnupg.org
Fri Mar 22 15:18:32 CET 2013


On Thu, 21 Mar 2013 16:26, x-alina at gmx.net said:
> Knowing better hacks?

Unless you use a remote file system for ~/.gnupg which does not support
Unix domain socket, I suggest to use this:

  $ echo "enable-ssh-support"  >>~/.gnupg/gpg-agent.conf
  $ echo "use-standard-socket" >>~/.gnupg/gpg-agent.conf

  $ cat <<EOF >>~/.bashrc
    unset GPG_AGENT_INFO
    unset SSH_AGENT_PID
    if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
      export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
    fi
  EOF

and remove all explicit calls to gpg-agent.  The bash code is only
required for interactive shells.  We reset GPG_AGENT_INFO so that we are
sure it is not set and gpg, gpgsm, gpg-connect-agent can do the Right
Thing.  The test on $gnupg_SSH_AUTH_SOCK_by takes care of the case that
gpg-agent has been started (for debugging) like this:

  $ GNUPGHOMEDIR=$(pwd) gpg-agent --daemon ~/bin/bash

For 2.1 you even don't need to use use-standard-socket, because that is
the configure default.

gpg-agent will be started on demand.  Because ssh does not know about
this trick, it can't do that.  Thus you need to call

  $ gpg-connect-agent /bye

once to force starting a gpg-agent (I do that in my ~/.xession).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list