setting env vars for gpg-agent

Werner Koch wk at
Sun Sep 14 11:31:33 CEST 2014

On Sat, 13 Sep 2014 22:02, ricul77 at said:
> After gpg-agent stopped to work for ssh auth from OpenPGP smartcard
> after some ubuntu upgrade a while back, I launch it and set the env
> variables in ~/.bashrc. 

I suggest to lauch gpg-agent on the fly: Add


to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO.  I
use this in my ~/.bashrc :

--8<---------------cut here---------------start------------->8---
# If running interactively, then:
if [ "$PS1" ]; then
    # Setup information required by GnuPG and ssh.  We use the standard
    # socket in GnuPG's homedir, thus there is no need for an
    # environment variable.  We reset any left over envvar.
    # SSH_AGENT_PID should not be set either because it is only used to
    # kill ssh-agent (option -k) but we don't want this to kill
    # gpg-agent.  Because ssh does not know about GnuPG's homedir we
    # need to set its envvar to gpg-agent's ssh socket.  GPG_TTY needs
    # to be set to the current TTY.  The extra test is used to avoid
    # setting SSH_AUTH_SOCK if gpg-agent has been started with the
    # shell on the command line (often used for testing).
    unset GPG_AGENT_INFO
    unset SSH_AGENT_PID
    if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
      export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

export GPG_TTY=$(tty)
--8<---------------cut here---------------end--------------->8---

If you want to use gpg-agent's ssh-agent implementaion, you need to make
sure that gpg-agent is started (becuase ssh does not know how to start
gpg-agent).  You may do this with "gpg-connect-agent /bye"

This works since 2.0.16 released 4 years ago.  Recent veNote that if you
have ~/.gnupg on some remote file system, this may not work.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list