setting env vars for gpg-agent
Richard Ulrich
ricul77 at gmail.com
Mon Sep 15 21:17:39 CEST 2014
Hi Werner,
So, I replaced my content in .bashrc with yours, but the behavior is
still exactly the same.
* ssh smartcard auth works across different terminals. (so the agent
must be functional)
* evolution signing works only if started from the terminal, even if I
comment out the line : "if [ "$PS1" ]; then"
* enigform in firefox doesn't sign the headers.
I did not understand the last paragraph with "gpg-connect-agent /bye".
But since the ssh part is working, I don't think that's necessary.
Rgds
Richard
On Sunday, 14.09.2014, 11:31 +0200, Werner Koch wrote:
> On Sat, 13 Sep 2014 22:02, ricul77 at gmail.com said:
> > After gpg-agent stopped to work for ssh auth from OpenPGP smartcard
> > after some ubuntu upgrade a while back, I launch it and set the env
> > variables in ~/.bashrc.
>
> I suggest to launch gpg-agent on the fly: Add
>
> use-standard-socket
>
> to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO. I
> use this in my ~/.bashrc :
>
> --8<---------------cut here---------------start------------->8---
> # If running interactively, then:
> if [ "$PS1" ]; then
>
>     # Setup information required by GnuPG and ssh. We use the standard
>     # socket in GnuPG's homedir, thus there is no need for an
>     # environment variable. We reset any left over envvar.
>     # SSH_AGENT_PID should not be set either because it is only used to
>     # kill ssh-agent (option -k) but we don't want this to kill
>     # gpg-agent. Because ssh does not know about GnuPG's homedir we
>     # need to set its envvar to gpg-agent's ssh socket. GPG_TTY needs
>     # to be set to the current TTY. The extra test is used to avoid
>     # setting SSH_AUTH_SOCK if gpg-agent has been started with the
>     # shell on the command line (often used for testing).
>     unset GPG_AGENT_INFO
>     unset SSH_AGENT_PID
>     if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
>         export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
>     fi
> fi
>
> export GPG_TTY=$(tty)
> --8<---------------cut here---------------end--------------->8---
>
> If you want to use gpg-agent's ssh-agent implementation, you need to make
> sure that gpg-agent is started (because ssh does not know how to start
> gpg-agent). You may do this with "gpg-connect-agent /bye"
>
> This works since 2.0.16 released 4 years ago. Recent veNote that if you
> have ~/.gnupg on some remote file system, this may not work.
>
>
>
> Salam-Shalom,
>
> Werner
>
>
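The setup quoted above can be checked against the environment a given process actually inherited. The following is an added example, not part of either message: `env_value` and `audit_agent_env` are hypothetical helper names, the input is a NUL-separated environment dump (the format of /proc/<pid>/environ on Linux), and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# env_value NAME ENVIRON_FILE: print NAME's value from a NUL-separated
# environment dump; exit status 1 if NAME is not set there.
env_value() {
    tr '\000' '\n' < "$2" | awk -v n="$1" '
        index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
        END { exit !found }'
}

# audit_agent_env ENVIRON_FILE GNUPG_HOME: print one finding per line and
# return 0 only if the environment matches the quoted .bashrc setup.
audit_agent_env() (
    environ_file=$1 gnupg_home=$2 findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    if v=$(env_value GPG_AGENT_INFO "$environ_file"); then
        report "GPG_AGENT_INFO is still set: $v"
    fi
    if env_value SSH_AGENT_PID "$environ_file" >/dev/null; then
        report "SSH_AGENT_PID is set"
    fi
    want="$gnupg_home/S.gpg-agent.ssh"
    sock=$(env_value SSH_AUTH_SOCK "$environ_file") || sock="(unset)"
    [ "$sock" = "$want" ] || report "SSH_AUTH_SOCK is $sock, expected $want"
    grep -Eq '^[[:space:]]*use-standard-socket[[:space:]]*$' \
        "$gnupg_home/gpg-agent.conf" 2>/dev/null ||
        report "use-standard-socket not found in $gnupg_home/gpg-agent.conf"
    [ "$findings" -eq 0 ]
)

# Demo on a constructed environment dump (not captured from a real process).
demo=$(mktemp -d)
mkdir "$demo/gnupg"
printf 'use-standard-socket\n' > "$demo/gnupg/gpg-agent.conf"
printf 'GPG_AGENT_INFO=/tmp/gpg-demo/S.gpg-agent:4321:1\000SSH_AUTH_SOCK=/tmp/ssh-demo/agent.99\000' \
    > "$demo/environ"
audit_agent_env "$demo/environ" "$demo/gnupg" ||
    echo "-> environment differs from the quoted setup"
rm -rf "$demo"
```

For a running process, pass /proc/<pid>/environ as the first argument and ~/.gnupg as the second; that file holds the environment the process was started with, so comparing a program launched from a terminal with one launched from the desktop shows which variables each one received.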