setting env vars for gpg-agent

Richard Ulrich ricul77 at gmail.com
Mon Sep 15 22:07:53 CEST 2014


Hi Werner,

I just discovered that signing deb packages is not as smooth as before. 

* If I have an active gpg-agent session, it fails with the following
error:
clearsign failed: Allgemeiner Fehler

* If I reinsert the card, I get the following:
gpg: GPG-Agent ist in dieser Sitzung nicht vorhanden
Geben Sie die PIN ein:
Then I have to enter the pin twice in the terminal. In all other
instances so far it was always in the graphical pinentry dialog.

I can verify that gpg-agent is still running, and still working for
ssh. 

But for regular gpg operation I discovered also other problems:

$ gpg -d mhs_paraeasy_ch.txt.gpg 
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0xxxxxx …
Bitte entfernen Sie die Karte und legen stattdessen die Karte mit
folgender Seriennummer ein:
   D27xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Drücken Sie 'Eingabe' wenn fertig; oder drücken Sie 'c' um abzubrechen:

All this worked with the previous content in .bashrc.


Rgds
Richard

On Monday, 15.09.2014, 21:17 +0200, Richard Ulrich wrote:
> Hi Werner,
> 
> So, I replaced my content in .bashrc with yours, but the behavior is
> still exactly the same.
> * ssh smartcard auth works across different terminals. (so the agent
> must be functional)
> * evolution signing works only if started from the terminal, even if I
> comment out the line : "if [ "$PS1" ]; then"
> * enigform in firefox doesn't sign the headers.
> 
> I did not understand the last paragraph with "gpg-connect-agent /bye".
> But since the ssh part is working, I don't think that's necessary.
> 
> Rgds
> Richard
> 
> On Sunday, 14.09.2014, 11:31 +0200, Werner Koch wrote:
> > On Sat, 13 Sep 2014 22:02, ricul77 at gmail.com said:
> > > After gpg-agent stopped to work for ssh auth from OpenPGP smartcard
> > > after some ubuntu upgrade a while back, I launch it and set the env
> > > variables in ~/.bashrc. 
> > 
> > I suggest to launch gpg-agent on the fly: Add
> > 
> > use-standard-socket
> > 
> > to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO.  I
> > use this in my ~/.bashrc :
> > 
> > --8<---------------cut here---------------start------------->8---
> > # If running interactively, then:
> > if [ "$PS1" ]; then
> >         
> >     # Setup information required by GnuPG and ssh.  We use the standard
> >     # socket in GnuPG's homedir, thus there is no need for an
> >     # environment variable.  We reset any left over envvar.
> >     # SSH_AGENT_PID should not be set either because it is only used to
> >     # kill ssh-agent (option -k) but we don't want this to kill
> >     # gpg-agent.  Because ssh does not know about GnuPG's homedir we
> >     # need to set its envvar to gpg-agent's ssh socket.  GPG_TTY needs
> >     # to be set to the current TTY.  The extra test is used to avoid
> >     # setting SSH_AUTH_SOCK if gpg-agent has been started with the
> >     # shell on the command line (often used for testing).
> >     unset GPG_AGENT_INFO
> >     unset SSH_AGENT_PID
> >     if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
> >       export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
> >     fi
> > fi
> > 
> > export GPG_TTY=$(tty)
> > --8<---------------cut here---------------end--------------->8---
> > 
> > If you want to use gpg-agent's ssh-agent implementation, you need to make
> > sure that gpg-agent is started (because ssh does not know how to start
> > gpg-agent).  You may do this with "gpg-connect-agent /bye"
> > 
> > This works since 2.0.16 released 4 years ago.  Recent veNote that if you
> > have ~/.gnupg on some remote file system, this may not work.
> > 
> > 
> > 
> > Salam-Shalom,
> > 
> >    Werner
> > 
> > 
> 
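
An added example, not part of the original thread: a POSIX shell check of the environment that the quoted ~/.bashrc snippet is meant to produce (`use-standard-socket` in gpg-agent.conf, no leftover `GPG_AGENT_INFO` or `SSH_AGENT_PID`, `SSH_AUTH_SOCK` on gpg-agent's ssh socket, `GPG_TTY` set). The function name `check_agent_env` and its messages are hypothetical and not part of GnuPG.

```shell
# Added example; check_agent_env is a hypothetical helper, not part of GnuPG.
# Usage: check_agent_env [GNUPG_HOMEDIR]
# Prints one line per finding and returns the number of findings (0 = consistent).
check_agent_env() {
    homedir="${1:-$HOME/.gnupg}"
    conf="$homedir/gpg-agent.conf"
    problems=0

    # use-standard-socket must be an active (uncommented) line in the config.
    if ! grep -Eq '^[[:space:]]*use-standard-socket[[:space:]]*$' "$conf" 2>/dev/null; then
        echo "no active 'use-standard-socket' line in $conf"
        problems=$((problems + 1))
    fi

    # Variables left over from an older agent setup must be gone.
    if [ -n "${GPG_AGENT_INFO:-}" ]; then
        echo "GPG_AGENT_INFO is still set: $GPG_AGENT_INFO"
        problems=$((problems + 1))
    fi
    if [ -n "${SSH_AGENT_PID:-}" ]; then
        echo "SSH_AGENT_PID is still set: $SSH_AGENT_PID"
        problems=$((problems + 1))
    fi

    # ssh does not know GnuPG's homedir, so it needs the agent's ssh socket.
    want="$homedir/S.gpg-agent.ssh"
    if [ "${SSH_AUTH_SOCK:-}" != "$want" ]; then
        echo "SSH_AUTH_SOCK is '${SSH_AUTH_SOCK:-}', expected '$want'"
        problems=$((problems + 1))
    fi

    # GPG_TTY has to name the current terminal.
    if [ -z "${GPG_TTY:-}" ]; then
        echo "GPG_TTY is not set"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Running `check_agent_env` in a terminal and again from the session that launches a desktop application shows whether the two environments differ.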




