gpg and smartcard on ubuntu 16.04

guido guido at dis.tur.bio
Sat Apr 30 15:26:40 CEST 2016


On 28/04/2016, Peter Lebbing wrote:
> On 28/04/16 02:23, NIIBE Yutaka wrote:
> > In my environment of Debian, those variables are set by:
> > /etc/X11/Xsession.d/90gpg-agent
>
> After I installed GnuPG 2.1 on my Debian Jessie (which doesn't have 2.1
> itself), I encountered annoying issues. I also use smartcards, for SSH
> auth as well. I got it to run much smoother by editing this file to be
> the attached file. It did have a gotcha: if there isn't an agent
> running, you have to do something like:
>
> $ gpg-connect-agent /bye
>
> before you can do SSH auth. Note that the agent survives a logout/login.
>
> I got the impression that the explicit starting of the daemon in the
> startup script somehow messed something up. But I had some trouble
> pinning down the exact problem, and since it now works in a way that
> works for me, I left it at this.

Yes, in 2.1 you are not supposed to start the gpg-agent on login; it starts automatically on demand. If you start it like in <2.0 you will not be able to connect to it.

But ssh needs that; that is documented here:
https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html#Invoking-GPG_002dAGENT

> Perhaps you could just add the gpg-connect-agent call to the
> if-ssh-support conditional, and it would be purrfect. I will try that
> now and see if everything stays peachy.

At least in Debian's default version, that is already in /etc/X11/Xsession.d/90gpg-agent. But I kind of think that's the responsibility of the package maintainer and not gnupg upstream.

Salud,
g.

> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

> : ${GNUPGHOME=$HOME/.gnupg}
>
> if grep -qs '^[[:space:]]*enable-ssh-support' "${GNUPGHOME}/gpg-agent.conf"; then
>     SSH_AUTH_SOCK="${GNUPGHOME}/S.gpg-agent.ssh"
>     export SSH_AUTH_SOCK
> fi
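
The quoted script with the `gpg-connect-agent /bye` call moved inside the ssh-support conditional, as an added example that is not part of the original thread or of the Debian package. The function names and the `GPG_CONNECT_AGENT` override are hypothetical, and the socket path is assumed to be under `GNUPGHOME` as in the quoted script.

```shell
# Added example: login-time snippet in the style of an Xsession.d fragment.
# Assumes the ssh socket lives under GNUPGHOME, as in the quoted script.
# GPG_CONNECT_AGENT is a hypothetical override so the helper can be stubbed.

: "${GNUPGHOME=$HOME/.gnupg}"

# Succeeds only if gpg-agent.conf has an active (uncommented)
# enable-ssh-support line; the option must match as a whole word.
ssh_support_enabled() {
    grep -Eqs '^[[:space:]]*enable-ssh-support([[:space:]]|$)' \
        "${GNUPGHOME}/gpg-agent.conf"
}

# Export SSH_AUTH_SOCK and make sure an agent is listening on it.
# No daemon is started explicitly: gpg-connect-agent launches the agent
# on demand if none is running, then exits at once because of /bye.
setup_gpg_ssh() {
    if ! ssh_support_enabled; then
        return 0
    fi
    SSH_AUTH_SOCK="${GNUPGHOME}/S.gpg-agent.ssh"
    export SSH_AUTH_SOCK
    _gca="${GPG_CONNECT_AGENT:-gpg-connect-agent}"
    if command -v "$_gca" >/dev/null 2>&1; then
        "$_gca" /bye >/dev/null 2>&1 ||
            echo "gpg-agent did not start; SSH auth through it will fail" >&2
    fi
    return 0
}

setup_gpg_ssh
```
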
