Using gpg-agent --supervised with systemd

Evan Klitzke evan at eklitzke.org
Wed Mar 21 22:48:26 CET 2018


Hi all,

I am using gpg 2.2.5 and stumbled across the --supervised option while 
reading the man page. I was able to get the ssh-agent functionality 
working perfectly, but I'm having problems with the gpg-agent 
functionality.

I created systemd user units for ssh-agent.socket, gpg-agent.socket, and 
gpg-agent.service. I was able to get this all set up correctly so the 
gpg-agent service knows where its sockets are:

$ sysu status gpg-agent.service
...
Mar 21 14:34:12 t460s systemd[1075]: Started GPG agent.
Mar 21 14:34:12 t460s gpg-agent[2835]: gpg-agent (GnuPG) 2.2.5 starting in supervised mode.
Mar 21 14:34:12 t460s gpg-agent[2835]: using fd 3 for std socket (/run/user/1000/gpg-agent.sock)
Mar 21 14:34:12 t460s gpg-agent[2835]: using fd 4 for ssh socket (/run/user/1000/ssh-agent.sock)
Mar 21 14:34:12 t460s gpg-agent[2835]: listening on: std=3 extra=-1 browser=-1 ssh=4

That's exactly where I put the sockets, so all good on that front. I was 
also able to figure out how to get pinentry working correctly. I set 
SSH_AUTH_SOCK and indeed, ssh uses the right socket and talks to my 
gpg-agent service.

However, gpg2 is still getting confused and not finding the agent. The 
README file for gpg 2.2 has some hints on why this may be the case:

> Note that gpg-agent now uses a fixed socket.  All tools will start
> the gpg-agent as needed.  The formerly used environment variable
> GPG_AGENT_INFO is ignored by 2.2.  The SSH_AUTH_SOCK environment
> variable should be set to a fixed value.

This is indeed what I see: when I try to use gpg2, it starts its own 
gpg-agent, ignoring my systemd service. I tried different permutations 
of options but can't figure out why this isn't working. Whenever I try 
to decrypt a file, gpg2 thinks there isn't an agent process running, and 
tries to start its own in ~/.gnupg.

What is the trick to making this work correctly?

--
Evan Klitzke                    San Francisco, CA, USA
evan at eklitzke.org                 https://eklitzke.org
pgp: AF91 7318 B8C4 2D11 2721 625D 157E FCAC BC64 8422
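
One check that follows from the README note quoted in the post: since gpg tools connect to a fixed socket, a supervised agent is only found when the systemd socket unit listens on that same path, which `gpgconf --list-dirs agent-socket` reports. The script below is an added example, not part of the original post; the function names are hypothetical, the unit file is constructed from the path in the log output, and `/run/user/1000/gnupg/S.gpg-agent` is an assumed stand-in for what gpgconf prints for uid 1000.

```shell
#!/bin/sh
# Added example (not from the original post): does a systemd .socket unit
# listen on the path that gpg will actually connect to?

# unit_listens_on UNIT_FILE EXPECTED_SOCKET [RUNTIME_DIR]
# Succeeds if any ListenStream= in UNIT_FILE, after expanding systemd's %t
# specifier (the user runtime directory), equals EXPECTED_SOCKET.
unit_listens_on() {
    runtime=${3:-${XDG_RUNTIME_DIR:-/run/user/$(id -u)}}
    sed -n 's/^[[:space:]]*ListenStream=//p' "$1" |
        sed "s|%t|$runtime|g" |
        grep -Fxq -- "$2"
}

# expected_socket NAME: fixed socket path the gpg tools use, as reported by
# gpgconf (NAME is agent-socket or agent-ssh-socket). Empty without gpgconf.
expected_socket() {
    command -v gpgconf >/dev/null 2>&1 || return 0
    gpgconf --list-dirs "$1" 2>/dev/null || true
}

# report UNIT_FILE EXPECTED_SOCKET [RUNTIME_DIR]: prints "match" or "mismatch".
report() {
    if unit_listens_on "$@"; then echo match; else echo mismatch; fi
}

# Constructed sample: a socket unit using the path from the post's log output.
demo_unit=$(mktemp)
cat >"$demo_unit" <<'EOF'
[Socket]
ListenStream=%t/gpg-agent.sock
SocketMode=0600
EOF

# Assumed stand-in for `gpgconf --list-dirs agent-socket` for uid 1000.
demo_expected=/run/user/1000/gnupg/S.gpg-agent
result=$(report "$demo_unit" "$demo_expected" /run/user/1000)
echo "demo unit vs $demo_expected: $result"
rm -f "$demo_unit"

# On a real host, show the path the unit's ListenStream= has to equal.
real=$(expected_socket agent-socket)
[ -z "$real" ] || echo "this host's gpg expects the agent at: $real"
```

To check a real unit, pass its file and the gpgconf path to `report`; the same comparison works for the ssh socket with `agent-ssh-socket`.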


