Monitoring queries to gpg-agent?
Kristian Larsson
kll at dev.terastrm.net
Thu Sep 27 10:24:43 CEST 2018
Werner Koch <wk at gnupg.org> writes:
> On Tue, 25 Sep 2018 23:03, kll at dev.terastrm.net said:
>
>> I would like to see the queries to gpg-agent that clients are
>> sending. Like what key are they trying to access and whatever
>> other
>
> That is easy. Put
>
> log-file socket://
> debug ipc
>
> into ~/.gnupg/gpg-agent.conf. Feed your monitor process the
> with the
> output of
>
> watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
>
> What you see are debug messages so it is not a really stable
> inetrface
> but it has not changed for more than a decade. Inside the debug
> message
> you see the request from the gpg processes and gpg-agent's
> replies. You
> can easily distinguish the gpg processes. For the semantics of
> the
> protocol used between gpg and the agent you can use the online
> help:
>
> gpg-connect-agent
>
> and then enter "HELP <mycommand>". <mycommand> might be PKSIGN
> etc. The
> manual (info or PDF file) describes some of theses commands.
>
> If you want to see the interaction between gpg-agent and
> pinentry as
> weel, add the line
>
> debug-pinenentry
>
> to gpg-agent.conf and you see when and what gpg-agent sends to
> the
> pinentry. Sensitive data is blackened. If you need more help,
> please
> don't hesitate to ask.
Thanks! It was a little lower level than I had wished for but I'll
have a look and see if I can make something useful out of it :)
Kind regards,
Kristian.
--
Kristian Larsson
kll at dev.terastrm.net
More information about the Gnupg-users
mailing list