Multi-user gpg-agent question
Werner Koch
wk at gnupg.org
Mon Aug 21 10:32:57 CEST 2006
On Sun, 20 Aug 2006 07:21, Dylan Vaughn said:
> The issue is that after I start gpg-agent for one user, it does not work
> for any other user on my machine. For example, after I do an initial
Well, you need to start it for each user.
> subsequent decrypt calls, then when I switch to a different user on my
> machine and try to do the same thing gpg-agent doesn't prompt me for my
> passphrase on the initial attempt and instead gives me this message:
>
> dylan2 at sunbeam:~/test$ eval "$(gpg-agent --daemon)"
> dylan2 at sunbeam:~/test$ gpg -o clear.txt -d test.txt.asc
The invocation of gpg-agent may have failed. You better run gpg-agent
this way for testing:
gpg-agent --daemon
it should emit the following lines:
GPG_AGENT_INFO=/tmp/gpg-3JMzhv/S.gpg-agent:32230:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-gA6FYU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=32230; export SSH_AGENT_PID;
The SSH lines are because I have enable-ssh-support in my
gpg-agent.conf. That is what the eval evaluates. Now cut+paste the
GPG_AGENT_INFO line into the shell to manually do the eval. Then you
can test whether it works:
$ gpg-connect-agent
enter for example
GET_CONFIRMATION foo
and the pinentry will appear to ask you about foo. Click on OK and
you will see the OK :-). Ctrl-D terminates gpg-connect-agent. You may
run it with the option --verbose to see some diagnostics.
The best way to debug it is by invoking gpg in a different way:
$ gpg-agent --daemon --debug 1024 /bin/sh
gpg-agent[32264]: reading options from `/home/test/.gnupg/gpg-agent.conf'
gpg-agent[32264]: listening on socket `/tmp/gpg-g4KTHx/S.gpg-agent'
gpg-agent[32264]: listening on socket `/tmp/gpg-MxP8eV/S.gpg-agent.ssh'
This runs a shell under the control of the gpg-agent and also sets up
the environment variables. Now you may use gpg --use-agent at this
shell but we want to try it manually:
sh-3.00$ gpg-connect-agent
gpg-agent[32265]: handler 0x808cae0 for fd 0 started
gpg-agent[32265.0x808cde8] DBG: -> OK Pleased to meet you
gpg-agent[32265.0x808cde8] DBG: <- RESET
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- OPTION display=localhost:11.0
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- OPTION ttyname=/dev/pts/2
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- OPTION ttytype=xterm
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- OPTION lc-ctype=en_US
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- OPTION lc-messages=C
gpg-agent[32265.0x808cde8] DBG: -> OK
Here we have connected successfully to the agent and the initial
handshake has been done. "debug 1024" lets you see all this. Now we
enter:
GET_CONFIRMATION bar
and gpg-agent does its magic:
gpg-agent[32265.0x808cde8] DBG: <- GET_CONFIRMATION bar
gpg-agent[32265]: starting a new PIN Entry
gpg-agent[32265]: DBG: connection to PIN entry established
gpg-agent[32265]: command get_confirmation failed: Not confirmed
gpg-agent[32265.0x808cde8] DBG: -> ERR 67108978 Not confirmed <GPG Agent>
Well I clicked on cancel and gpg-agent returned
ERR 67108978 Not confirmed <GPG Agent>
the status code for cancel
gpg-agent[32265.0x808cde8] DBG: <- [EOF]
gpg-agent[32265]: handler 0x808cae0 for fd 0 terminated
gpg-connect-agent has disconnected from the agent, and we want to
terminate the agent too:
sh-3.00$ exit
exit
$ gpg-agent[32265]: parent process died - shutting down
gpg-agent[32265]: gpg-agent (GnuPG) 1.9.23-svn4218 stopped
gpg-agent[32265]: secmem usage: 0/16384 bytes in 0 blocks
System is clean again and ready for another test ;-)
I hope this helps to understand how the agent works. The actual
command gpg uses to get the passphrase is:
GET_PASSPHRASE X X X X
(enter the X verbatim).
You should also read the manual where the installation of the
gpg-agent is described. The manual is in info format, thus enter
"info gnupg". The next version will also come with man pages
automatically created from the Texinfo source.
Shalom-Salam,
Werner
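
An added example, not part of the original mail: a small shell check for the two machine-readable values shown above, the GPG_AGENT_INFO string (socket:pid:protocol) and the number in an Assuan ERR line. The function names are hypothetical, and treating a socket owned by another user as the sign of a GPG_AGENT_INFO value inherited across a user switch is an assumption, not something stated in the mail.

```shell
#!/bin/sh
# Added example (not from the original mail). Helper names are hypothetical.

# Split "socket:pid:protocol" as printed by "gpg-agent --daemon".
# Sets AGENT_SOCK, AGENT_PID, AGENT_PROTO; returns 1 if the value is malformed.
parse_agent_info() {
    case $1 in *:*:*) ;; *) return 1 ;; esac
    AGENT_PROTO=${1##*:}
    rest=${1%:*}
    AGENT_PID=${rest##*:}
    AGENT_SOCK=${rest%:*}
    case $AGENT_PID in ''|*[!0-9]*) return 1 ;; esac
    case $AGENT_PROTO in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$AGENT_SOCK" ]
}

# Print one status word for a GPG_AGENT_INFO value; return 0 only for "ok".
agent_info_status() {
    [ -n "$1" ] || { echo unset; return 1; }
    parse_agent_info "$1" || { echo malformed; return 1; }
    [ -S "$AGENT_SOCK" ] || { echo no-socket; return 1; }
    # Assumption: a value carried over from another login points at a
    # socket this user does not own, so each user needs their own agent.
    [ -O "$AGENT_SOCK" ] || { echo foreign-socket; return 1; }
    kill -0 "$AGENT_PID" 2>/dev/null || { echo stale-pid; return 1; }
    echo ok
}

# Split the number in an Assuan "ERR <n> ..." line into the libgpg-error
# source (bits 24-30) and code (low 16 bits).
decode_assuan_err() {
    echo "source=$(( ($1 >> 24) & 127 )) code=$(( $1 & 65535 ))"
}

# Check the current environment, then decode the ERR number from the mail.
agent_info_status "${GPG_AGENT_INFO:-}" || true
decode_assuan_err 67108978   # source=4 code=114
```

In the session above, that error number is the one printed with "Not confirmed <GPG Agent>".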