Problems with gnome-keyring et al. (was: Card only available to root user)

Werner Koch wk at gnupg.org
Tue Aug 9 11:15:13 CEST 2011


On Tue,  9 Aug 2011 02:44, luis at debethencourt.com said:

> So it looks like GNOME's ssh-agent is interfering. How can I avoid this?

Tell them that they should not interfere with GnuPG.  

If you put a line 

  use-standard-socket

into ~/.gnupg/gpg-agent.conf and stop starting gpg-agent in the xsession
etc., all tools requiring gpg-agent will start gpg-agent on the fly.
There is even no more need for the GPG_AGENT_INFO envvar; I even
explicitly unset this variable in my profile.  Thus the only envvar you
need is GPG_TTY.

If you want to use gpg-agent as ssh-agent you should also put a line

  enable-ssh-support

into ~/.gnupg/gpg-agent.conf and put into your profile 

  unset SSH_AGENT_PID
  SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  export SSH_AUTH_SOCK

Now you only need to make sure that gpg-agent is started before you use
ssh.  This is because ssh has no way to start gpg-agent on the fly; I do
this with a simple

  gpg-connect-agent /bye

If you want to check whether gpg-agent is _configured_ to use the
standard socket, you may call

  gpg-agent --use-standard-socket-p

This is actually what all GnuPG tools do to see whether they may start
gpg-agent on the fly.

The standard socket makes things easier and hopefully harder for
gnome-keyring to interfere with it.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
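
The setup described in this message can be checked mechanically, which helps spot a session where another agent (such as gnome-keyring's) has taken over SSH_AUTH_SOCK. The shell functions below are an added example, not part of the original post or of GnuPG; the names `conf_has` and `audit_agent_env` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a login environment against the setup described above.

# conf_has FILE OPTION: true if OPTION appears as an active (uncommented) line.
conf_has() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_agent_env HOME_DIR SSH_AUTH_SOCK SSH_AGENT_PID GPG_TTY
# Prints one finding per line; returns 0 if nothing is wrong, 1 otherwise.
audit_agent_env() {
    home=$1 sock=$2 agent_pid=$3 tty=$4
    conf="$home/.gnupg/gpg-agent.conf"
    want="$home/.gnupg/S.gpg-agent.ssh"
    rc=0
    # Both options from the message must be present in gpg-agent.conf.
    for opt in use-standard-socket enable-ssh-support; do
        if ! conf_has "$conf" "$opt"; then
            echo "MISSING: '$opt' not set in $conf"; rc=1
        fi
    done
    # ssh talks to whatever SSH_AUTH_SOCK names; any other path means
    # a different agent is answering instead of gpg-agent.
    if [ "$sock" != "$want" ]; then
        echo "FOREIGN-AGENT: SSH_AUTH_SOCK is '$sock', expected '$want'"; rc=1
    fi
    # The profile snippet unsets SSH_AGENT_PID; a value here is a leftover.
    if [ -n "$agent_pid" ]; then
        echo "STALE: SSH_AGENT_PID is still set ($agent_pid)"; rc=1
    fi
    # GPG_TTY is the one variable the message says is still needed.
    if [ -z "$tty" ]; then
        echo "MISSING: GPG_TTY is not set"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: environment matches the described setup"
    return "$rc"
}

# Audit the current session when the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
    audit_agent_env "$HOME" "${SSH_AUTH_SOCK:-}" "${SSH_AGENT_PID:-}" "${GPG_TTY:-}"
fi
```

The audit only inspects configuration and environment; whether gpg-agent is actually running still depends on something like the `gpg-connect-agent /bye` call mentioned above.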



