Forward entire gnupg $HOME

[Andre Klärner]

Hi all,

is there a way to properly shared the entire keyring and trust settings
between two machines?

My use case is the following:

Mutt, my email client, runs on a containerized mailserver on another machine
right under my desk.

My GPG key is stored on a Yubikey attached to my workstation (another
physical machine compared to the mailserver's host system)

I usually use my workstation to do everything, but since I can't access my
mailbox via NFS anymore (different story), I resorted to sshing into my
email server, and doing all the mailing needs right there, locally.

My Yubikey also is used as the SSH key for everything, and hence plugged
into my workstation.

After following https://wiki.gnupg.org/AgentForwarding and batteling with
the autostarting gpg-agent (fixed with no-autostart in the remote system's
gpg.conf), masking all but the dirmngr systemd socket and service units, and
struggeling with the removal of /run/user/1000/gnupg on logout, I finally
got it to work. (Nice how the last one doesn't matter, if dirmngr.socket is
enabled.)

Now I have another problem: my main machine knows all my internet friend's
keys, my mailserver not. I can of cause gpg --export, scp and gpg --import,
but that is nothing scalable and needs to be repeated over and over again
when anything changes.

Do I expect to much, or is this simply and typically invalid usecase?
Is there a simpler way to configure a remote GPG just for a session, so
that it uses another socket to connect to the gpg-agent (I also sign git
commits, sometimes with etckeeper even on remote machines).

Thanks a lot for reading, and best regards,
Andre

-- 
Andre Klärner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190904/f3a633e3/attachment.sig>