Problems with gnome-keyring et al. (was: Card only available to root user)
Werner Koch
wk at gnupg.org
Tue Aug 9 11:15:13 CEST 2011
On Tue, 9 Aug 2011 02:44, luis at debethencourt.com said:
> So it looks like GNOME's ssh-agent is interfering. How can I avoid this?
Tell them that they should not interfere with GnuPG.
If you put a line
use-standard-socket
into ~/.gnupg/gpg-agent.conf and stop starting gpg-agent in the xsession
etc., all tools requiring gpg-agent will start gpg-agent on the fly.
There is even no more need for the GPG_AGENT_INFO envvar; I even
explicitly unset this variable in my profile. Thus the only envvar you
need is GPG_TTY.
If you want to use gpg-agent as ssh-agent you should also put a line
enable-ssh-support
into ~/.gnupg/gpg-agent.conf and put into your profile
unset SSH_AGENT_PID
SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
export SSH_AUTH_SOCK
Now you only need to make sure that gpg-agent is started before you use
ssh. This is because ssh has no way to start gpg-agent on the fly; I do
this with a simple
gpg-connect-agent /bye
If you want to check whether gpg-agent is _configured_ to use the
standard socket, you may call
gpg-agent --use-standard-socket-p
This is actually what all GnuPG tools do to see whether they may start
gpg-agent on the fly.
The standard socket makes things easier and hopefully harder for
gnome-keyring to interfere with it.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list