gpg and smartcard on ubuntu 16.04

Peter Lebbing peter at digitalbrains.com
Sat Apr 30 15:45:45 CEST 2016


On 30/04/16 15:26, guido wrote:
> Yes, in 2.1 you are not supposed to start the gpg-agent on login, it
> starts automatically on demand. If you start it like in <2.0 you will
> not be able to connect to it.

Purely out of interest, what is it that goes wrong? Is it that the
correct command-line arguments are missing? If it is autostarted by
gpg-connect-agent, it has the form

gpg-agent --homedir /home/peter/.gnupg --use-standard-socket --daemon

which is not what is in /etc/X11/Xsession.d/90gnupg-agent.

> But ssh needs that

I know, which is why I added the gpg-connect-agent call in my version of
the script.

>> Perhaps you could just add the gpg-connect-agent call to the 
>> if-ssh-support conditional, and it would be purrfect. I will try
>> that now and see if everything stays peachy.
> 
> At least in Debian's default version, that is already in
> /etc/X11/XSession.d/90gpg-agent. But I kind of think that's the
> responsibility of the package maintainer and not gnupg upstream.

I don't understand what you mean. I just checked on the latest unstable
version of gnupg-agent, and that version starts the agent explicitly,
with the argument "--daemon". This is the variant that caused issues for
me. I start the agent by "gpg-connect-agent /bye". For reference, I
attach the script as it is by default in Debian.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
: ${GNUPGHOME=$HOME/.gnupg}

GPGAGENT=/usr/bin/gpg-agent

if grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" "$GNUPGHOME/options" &&
   test -x $GPGAGENT; then

   # Invoking gpg-agent with no arguments exits successfully if the agent
   # is already running on the standard socket
   if ! $GPGAGENT 2>/dev/null; then
       "$GPGAGENT" --daemon
   fi
   GPG_AGENT_INFO="${GNUPGHOME}/S.gpg-agent:0:1"
   export GPG_AGENT_INFO
   if grep -qs '^[[:space:]]*enable-ssh-support' "${GNUPGHOME}/gpg-agent.conf"; then
       SSH_AUTH_SOCK="${GNUPGHOME}/S.gpg-agent.ssh"
       export SSH_AUTH_SOCK
   fi
fi
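
For comparison with the attached Debian script, here is a sketch of the variant discussed in the message: the agent is autostarted through "gpg-connect-agent /bye" inside the ssh-support conditional instead of being launched with "--daemon". This is an added example, not Peter's script (which is not shown here) and not Debian's; the function names and the GPG_CONNECT_AGENT override variable are assumptions made for illustration, and the socket path is the one used in the attached script.

```shell
# Added example: Xsession.d-style fragment for GnuPG 2.1, meant to be sourced
# by /bin/sh. Function names and GPG_CONNECT_AGENT are hypothetical.
: "${GNUPGHOME:=$HOME/.gnupg}"
# Assumption: overridable so the logic can be exercised without a real agent.
: "${GPG_CONNECT_AGENT:=gpg-connect-agent}"

# True if gpg-agent.conf in directory $1 enables the ssh-agent emulation
# (same grep pattern as the attached Debian script).
ssh_support_enabled() {
    grep -qs '^[[:space:]]*enable-ssh-support' "$1/gpg-agent.conf"
}

# Autostart the agent on demand and point ssh at its socket.
# Returns 0 when SSH_AUTH_SOCK was exported, 1 when ssh support is not
# configured, 2 when the agent could not be started or reached.
setup_gpg_ssh_agent() {
    _gpg_home=$1
    ssh_support_enabled "$_gpg_home" || return 1
    # gpg-connect-agent starts gpg-agent itself with the arguments it expects,
    # so no explicit "gpg-agent --daemon" is needed. On failure SSH_AUTH_SOCK
    # is left untouched rather than pointing at a socket nobody listens on.
    GNUPGHOME="$_gpg_home" "$GPG_CONNECT_AGENT" /bye >/dev/null 2>&1 || return 2
    SSH_AUTH_SOCK="$_gpg_home/S.gpg-agent.ssh"
    export SSH_AUTH_SOCK
}

# A sourced session fragment must never abort the login, hence "|| true".
setup_gpg_ssh_agent "$GNUPGHOME" || true
```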

