Multi-user gpg-agent question

Werner Koch wk at
Mon Aug 21 10:32:57 CEST 2006

On Sun, 20 Aug 2006 07:21, Dylan Vaughn said:

> The issue is that after I start gpg-agent for one user, it does not work
> for any other user on my machine.  For example, after I do an initial

Well, you need to start it for each user.

> subsequent decrypt calls, then when I switch to a different user on my
> machine and try to do the same thing gpg-agent doesn't prompt me for my
> passphrase on the initial attempt and instead gives me this message:
> dylan2 at sunbeam:~/test$ eval "$(gpg-agent --daemon)"
> dylan2 at sunbeam:~/test$ gpg -o clear.txt -d test.txt.asc

The invocation of gpg-agent may have failed.  You better run gpg-agent
this way for testing:

  gpg-agent --daemon

it should emit the following lines:

  GPG_AGENT_INFO=/tmp/gpg-3JMzhv/S.gpg-agent:32230:1; export GPG_AGENT_INFO;
  SSH_AUTH_SOCK=/tmp/gpg-gA6FYU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
  SSH_AGENT_PID=32230; export SSH_AGENT_PID;

The SSH lines are because I have enable-ssh-support in my
gpg-agent.conf.  That is what the eval evaluates.  Now cut+paste the
GPG_AGENT_INFO line into the shell to manually do the eval. Then you
can test whether it works:

  $ gpg-connect-agent

enter for example


and the pinentry will appear to ask you about foo.  Click on OK and
you will see the OK :-).  Ctrl-D terminates gpg-connect-agent.  You may
run it with the option --verbose to see some diagnostics.

The best way to debug it is by invoking gpg in a different way:

  $ gpg-agent --daemon --debug 1024 /bin/sh
  gpg-agent[32264]: reading options from `/home/test/.gnupg/gpg-agent.conf'
  gpg-agent[32264]: listening on socket `/tmp/gpg-g4KTHx/S.gpg-agent'
  gpg-agent[32264]: listening on socket `/tmp/gpg-MxP8eV/S.gpg-agent.ssh'

This runs a shell under the control of the gpg-agent and also sets up
the environment variables.  Now you may use gpg --use-agent at this
shell but we want to try it manually:

  sh-3.00$ gpg-connect-agent
  gpg-agent[32265]: handler 0x808cae0 for fd 0 started
  gpg-agent[32265.0x808cde8] DBG: -> OK Pleased to meet you
  gpg-agent[32265.0x808cde8] DBG: <- RESET
  gpg-agent[32265.0x808cde8] DBG: -> OK
  gpg-agent[32265.0x808cde8] DBG: <- OPTION display=localhost:11.0
  gpg-agent[32265.0x808cde8] DBG: -> OK
  gpg-agent[32265.0x808cde8] DBG: <- OPTION ttyname=/dev/pts/2
  gpg-agent[32265.0x808cde8] DBG: -> OK
  gpg-agent[32265.0x808cde8] DBG: <- OPTION ttytype=xterm
  gpg-agent[32265.0x808cde8] DBG: -> OK
  gpg-agent[32265.0x808cde8] DBG: <- OPTION lc-ctype=en_US
  gpg-agent[32265.0x808cde8] DBG: -> OK
  gpg-agent[32265.0x808cde8] DBG: <- OPTION lc-messages=C
  gpg-agent[32265.0x808cde8] DBG: -> OK

Here we have connected successfully to the agent and the initial
handshake has been done.  "debug 1024" lets you see all this. Now we


and gpg-agent does its magic:

  gpg-agent[32265.0x808cde8] DBG: <- GET_CONFIRMATION bar
  gpg-agent[32265]: starting a new PIN Entry
  gpg-agent[32265]: DBG: connection to PIN entry established
  gpg-agent[32265]: command get_confirmation failed: Not confirmed
  gpg-agent[32265.0x808cde8] DBG: -> ERR 67108978 Not confirmed <GPG Agent>

Well I clicked on cancel and gpg-agent returned

  ERR 67108978 Not confirmed <GPG Agent>

the status code for cancel

  gpg-agent[32265.0x808cde8] DBG: <- [EOF]
  gpg-agent[32265]: handler 0x808cae0 for fd 0 terminated

gpg-connect-agent has disconnected from the agent, and we want to
terminate the agent too:

  sh-3.00$ exit
  $ gpg-agent[32265]: parent process died - shutting down
  gpg-agent[32265]: gpg-agent (GnuPG) 1.9.23-svn4218 stopped
  gpg-agent[32265]: secmem usage: 0/16384 bytes in 0 blocks

System is clean again and ready for another test ;-)

I hope this helps to understand how the agent works.  The actual
command gpg uses to get the passphrase is:


(enter the X verbatim).

You should also read the manual where the installation of the
gpg-agent is described.  The manual is in info format, thus enter
"info gnupg".  The next version will also come with man pages
automatically created from the Texinfo source.
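
Added example, not part of the original message and not GnuPG code: a small Python reader for the "--debug 1024" trace shown above that pairs each client command with the agent's reply and decodes the number after ERR. It assumes the libgpg-error layout (source in bits 24-30, code in bits 0-15); the name tables are a small hand-picked subset and the function names are hypothetical.

```python
import re

# libgpg-error packs two fields into the number after ERR (assumed layout):
# bits 24-30 name the component that raised the error, bits 0-15 the code.
SOURCES = {4: "GPG Agent", 5: "Pinentry"}          # subset only
CODES = {11: "Bad passphrase", 85: "No pinentry",  # subset only
         99: "Operation cancelled", 114: "Not confirmed"}

# Matches the Assuan trace lines that "--debug 1024" prints.
TRACE = re.compile(r"gpg-agent\[\d+\.0x[0-9a-f]+\] DBG: (<-|->) (.*)")

def decode_err(value):
    """Split an Assuan ERR number into (source, code) names."""
    source, code = (value >> 24) & 0x7F, value & 0xFFFF
    return (SOURCES.get(source, "source %d" % source),
            CODES.get(code, "code %d" % code))

def exchanges(log_text):
    """Pair each client command ('<-') with the agent's final reply ('->')."""
    pairs, pending = [], None
    for line in log_text.splitlines():
        m = TRACE.search(line)
        if not m:
            continue  # agent status lines, not protocol traffic
        direction, payload = m.groups()
        if direction == "<-":
            pending = payload
        elif pending is not None and payload.split(" ", 1)[0] in ("OK", "ERR"):
            pairs.append((pending, payload))
            pending = None
    return pairs

def failures(log_text):
    """Return (command, source, code) for every command the agent rejected."""
    return [(cmd,) + decode_err(int(reply.split()[1]))
            for cmd, reply in exchanges(log_text) if reply.startswith("ERR ")]

# Sample input: trace lines copied from the message above.
SAMPLE = """\
gpg-agent[32265.0x808cde8] DBG: -> OK Pleased to meet you
gpg-agent[32265.0x808cde8] DBG: <- RESET
gpg-agent[32265.0x808cde8] DBG: -> OK
gpg-agent[32265.0x808cde8] DBG: <- GET_CONFIRMATION bar
gpg-agent[32265]: command get_confirmation failed: Not confirmed
gpg-agent[32265.0x808cde8] DBG: -> ERR 67108978 Not confirmed <GPG Agent>
gpg-agent[32265.0x808cde8] DBG: <- [EOF]
"""

print(failures(SAMPLE))
```

The decoded source tells you which component refused the request, which is the first thing to check when an agent started under one account is being reached from another.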


