Problems loading an authentication key from a USB Crypto-Stick
Todd A. Jacobs
codegnome.consulting+gnupg.org at gmail.com
Sun Feb 26 17:50:15 CET 2012
On Sat, Feb 25, 2012 at 8:43 AM, Todd A. Jacobs wrote:
> eval `keychain --eval --agents gpg,ssh id_rsa BCB6C8D4`
With keychain 2.6.8 (and possibly others) the agents won't start properly
if actually specified, so taking out the agents option actually allows
gpg-agent to start, while also handling the ssh-agent keys. One also needs
to add the --quick option to avoid being prompted for the gpg key's
passwords each time. So:
eval `keychain --quick --ignore-missing --eval id_rsa BCB6C8D4`
*mostly* works, but the gpg-agent is still not being consulted for signing.
Even if one kills all agents and the scdaemon, and uses "eval $(gpg-agent
--daemon)" instead, the agent refuses to consult the cache when signing.
$ gpg-agent --version
gpg-agent (GnuPG) 2.0.17
$ echo $GPG_AGENT_INFO
# Prompts twice for password to clearsign.
echo foo | gpg --clearsign; echo foo | gpg --clearsign
So, the keychain problem seems to be resolved, in that gpg-agent is now
reading the SSH authentication key off the CryptoStick and handing it off
to ssh-agent, but gpg-agent is still not caching passphrases for signing
activities, which seems rather critical to its usefulness. :)
What else can I do to help debug this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users