setting env vars for gpg-agent
Richard Ulrich
ricul77 at gmail.com
Mon Sep 15 22:07:53 CEST 2014
Hi Werner,
I just discovered that signing deb packages is not as smooth as before.
* If I have an active gpg-agent session, it fails with the following
error:
clearsign failed: Allgemeiner Fehler
* If I reinsert the card, I get thw following :
gpg: GPG-Agent ist in dieser Sitzung nicht vorhanden
Geben Sie die PIN ein:
Then I have to enter the pin twice in the terminal. In all other
instances so far it was always in the graphical pinentry dialog.
I can verify, that gpg-agent is still running, and still working for
ssh.
But for regular gpg operation I discovered also other problems:
$ gpg -d mhs_paraeasy_ch.txt.gpg
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0xxxxxx …
Bitte entfernen Sie die Karte und legen stattdessen die Karte mit
folgender Seriennummer ein:
D27xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Drücken Sie 'Eingabe' wenn fertig; oder drücken Sie 'c' um abzubrechen:
All this worked with the previous content in .bashrc.
Rgds
Richard
Am Montag, den 15.09.2014, 21:17 +0200 schrieb Richard Ulrich:
> Hi Werner,
>
> So, I replaced my content in .bashrc with yours, but the behavior is
> still exactly the same.
> * ssh smartcard auth works accross different terminals. (so the agent
> must be functional)
> * evolution signiging works only if started from the terminal, even if I
> comment out the line : "if [ "$PS1" ]; then"
> * enigform in firefox doesn't sign the headers.
>
> I did not understand the last paragraph with "gpg-connect-agent /bye".
> But since the ssh part is working, I don't think that's necessary.
>
> Rgds
> Richard
>
> Am Sonntag, den 14.09.2014, 11:31 +0200 schrieb Werner Koch:
> > On Sat, 13 Sep 2014 22:02, ricul77 at gmail.com said:
> > > After gpg-agent stopped to work for ssh auth from OpenPGP smartcard
> > > after some ubuntu upgrade a while back, I launch it and set the env
> > > variables in ~/.bashrc.
> >
> > I suggest to lauch gpg-agent on the fly: Add
> >
> > use-standard-socket
> >
> > to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO. I
> > use this in my ~/.bashrc :
> >
> > --8<---------------cut here---------------start------------->8---
> > # If running interactively, then:
> > if [ "$PS1" ]; then
> >
> > # Setup information required by GnuPG and ssh. We use the standard
> > # socket in GnuPG's homedir, thus there is no need for an
> > # environment variable. We reset any left over envvar.
> > # SSH_AGENT_PID should not be set either because it is only used to
> > # kill ssh-agent (option -k) but we don't want this to kill
> > # gpg-agent. Because ssh does not know about GnuPG's homedir we
> > # need to set its envvar to gpg-agent's ssh socket. GPG_TTY needs
> > # to be set to the current TTY. The extra test is used to avoid
> > # setting SSH_AUTH_SOCK if gpg-agent has been started with the
> > # shell on the command line (often used for testing).
> > unset GPG_AGENT_INFO
> > unset SSH_AGENT_PID
> > if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
> > export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
> > fi
> > fi
> >
> > export GPG_TTY=$(tty)
> > --8<---------------cut here---------------end--------------->8---
> >
> > If you want to use gpg-agent's ssh-agent implementaion, you need to make
> > sure that gpg-agent is started (becuase ssh does not know how to start
> > gpg-agent). You may do this with "gpg-connect-agent /bye"
> >
> > This works since 2.0.16 released 4 years ago. Recent veNote that if you
> > have ~/.gnupg on some remote file system, this may not work.
> >
> >
> >
> > Salam-Shalom,
> >
> > Werner
> >
> >
>
More information about the Gnupg-users
mailing list