Hacking GPG-Agent
Werner Koch
wk at gnupg.org
Fri Mar 22 15:18:32 CET 2013
On Thu, 21 Mar 2013 16:26, x-alina at gmx.net said:
> Knowing better hacks?
Unless you use a remote file system for ~/.gnupg which does not support
Unix domain sockets, I suggest using this:
$ echo "enable-ssh-support" >>~/.gnupg/gpg-agent.conf
$ echo "use-standard-socket" >>~/.gnupg/gpg-agent.conf
$ cat <<'EOF' >>~/.bashrc
unset GPG_AGENT_INFO
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
fi
EOF
and remove all explicit calls to gpg-agent. The bash code is only
required for interactive shells. We reset GPG_AGENT_INFO so that we are
sure it is not set and gpg, gpgsm, gpg-connect-agent can do the Right
Thing. The test on $gnupg_SSH_AUTH_SOCK_by takes care of the case that
gpg-agent has been started (for debugging) like this:
$ GNUPGHOMEDIR=$(pwd) gpg-agent --daemon ~/bin/bash
For 2.1 you don't even need to use use-standard-socket, because that is
the configure default.
gpg-agent will be started on demand. Because ssh does not know about
this trick, it can't do that. Thus you need to call
$ gpg-connect-agent /bye
once to force starting a gpg-agent (I do that in my ~/.xsession).
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
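
An added example, not part of the message above and not GnuPG project code: an idempotent form of the two "echo >>" lines, with a check that the directory holding the agent sockets is private before ssh is pointed at it. The function names and the "apply" argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Append OPTION to FILE unless it is already an active (uncommented) line,
# so running the setup twice does not duplicate entries.
ensure_option() {
    file=$1
    option=$2
    [ -f "$file" ] || : >"$file"
    grep -Eq "^[[:space:]]*${option}([[:space:]]|\$)" "$file" ||
        printf '%s\n' "$option" >>"$file"
}

# Succeed only if DIR is a directory owned by the caller with mode 0700.
# S.gpg-agent and S.gpg-agent.ssh live here; a private directory keeps
# other local users away from them.
homedir_is_private() {
    dir=$1
    [ -d "$dir" ] && [ -O "$dir" ] || return 1
    case $(ls -ld "$dir") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the given path is an existing Unix domain socket,
# i.e. an agent has been started and is listening there.
ssh_socket_present() {
    [ -S "$1" ]
}

# Touch the real configuration only when invoked as: sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    home=${GNUPGHOME:-$HOME/.gnupg}
    homedir_is_private "$home" || {
        echo "$home: must be owned by you with mode 700" >&2
        exit 1
    }
    ensure_option "$home/gpg-agent.conf" enable-ssh-support
    ensure_option "$home/gpg-agent.conf" use-standard-socket
    ssh_socket_present "$home/S.gpg-agent.ssh" ||
        echo "no ssh socket yet; run: gpg-connect-agent /bye" >&2
fi
```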