gpg-agent in 2.1
Marc Mercer
mmercer at ct-unlimited.com
Thu Jun 11 03:10:25 CEST 2015
Fellow Users,
I have read through all changes regarding the behavior in 2.1 vs the old
behavior in 2.0.27, which still allowed for --write-env-file
($GPG_AGENT_INFO), as well as tested several things, and seem to have some
issues, or perhaps misunderstandings regarding proper invocation and usage
now.
With the old setup, I had my GAI configured, tty exported, etc, and
autostart worked with --enable-ssh-support all defined in conf.
Now I have managed to get it to work so that I can start the agent
initially with ssh-support, I attach to the socket, et cetera; however, two
scenarios break things --
1.) If the agent launches without ssh-support (as seen with ssh-add -l; I
am a yubikey user, I should see the yubikey in the trusted list), I have to
kill the agent, and restart it. -- When doing so, it does *not*
automatically export the SSH_AUTH_SOCK. I have to recopy and paste that
output for the value to be set.
2.) In the old days, you could plug and unplug the card, and the agent
would reload the card (yes, you had to re-enter the pin, that is expected
behavior and how it is supposed to work). Now, it no longer supports
plug/unplug behavior -- If you unplug, you are forced to kill the agent,
and then restart it (and this is also where I have to copy/paste the
SSH_AUTH_SOCK variable so that it knows where to attach).
Does anyone else use a pgp secure key with gpg2? If so, how have you
managed to handle the gpg-agent behavior? It seems to have more or less
broken the usability for secure card users, which I would consider a
regression.
Thanks for any input/info.
/* Marc Mercer
* Owner, CT-Unlimited LLC
* mmercer at ct-unlimited.com
* Skype: Daemoen
* Office: (408) 384-8858
* http://www.ct-unlimited.com
*/
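
One way to avoid copying and pasting SSH_AUTH_SOCK after every agent restart, as an added example that is not part of the original post and not GnuPG's own code. The function names and the GPGCONF override variable are assumptions made for illustration; the fallback path assumes the fixed socket GnuPG 2.1 keeps in the GnuPG home directory.

```shell
# Added example: derive SSH_AUTH_SOCK from the agent's fixed socket location
# instead of from the output printed when the agent starts.
# Function names and the GPGCONF override are hypothetical.

# Print the path of gpg-agent's SSH socket.
gpg_ssh_sock() {
    conf="${GPGCONF:-gpgconf}"
    sock=""
    if command -v "$conf" >/dev/null 2>&1; then
        # Newer gpgconf reports the socket directly; older ones print nothing.
        sock=$("$conf" --list-dirs agent-ssh-socket 2>/dev/null) || sock=""
    fi
    # Fallback: the fixed socket inside the GnuPG home directory.
    [ -n "$sock" ] || sock="${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh"
    printf '%s\n' "$sock"
}

# Return 0 only if gpg-agent.conf has an uncommented enable-ssh-support line.
gpg_ssh_enabled() {
    grep -Eq '^[[:space:]]*enable-ssh-support([[:space:]]|$)' \
        "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" 2>/dev/null
}

# Point the current shell at gpg-agent; call it from the shell startup file
# and again after the agent has been killed and restarted.
gpg_agent_ssh_env() {
    gpg_ssh_enabled ||
        echo "warning: enable-ssh-support is not set in gpg-agent.conf" >&2
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK=$(gpg_ssh_sock)
    export SSH_AUTH_SOCK
    # Pinentry needs to know which terminal to prompt on.
    if t=$(tty 2>/dev/null); then GPG_TTY=$t; export GPG_TTY; fi
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        # Starts the agent if needed and tells it about this terminal.
        gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || true
    fi
}
```

After sourcing this, running `gpg_agent_ssh_env` followed by `ssh-add -l` shows whether the card's key is visible to SSH again.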