gpg-preset-passphrase and extra agent socket
Werner Koch
wk at gnupg.org
Fri Mar 24 10:18:30 CET 2023
On Wed, 22 Mar 2023 16:16, xeyrion--- said:

> Forwarding normal socket (instead of extra socket) makes the prompt go
> away. Is there a way to preset passphrase for extra socket as well?

The caching behavior does not depend on the connection type. Thus this
should not be an issue. I assume you are using 2.4.0 which has a couple
of fixes for remote use.

I am almost always using the extra-socket with cards and thus I unlock
the card before I start working (using "gpg-card" and its "verify"
command).

I would suggest adding

  debug ipc,cache
  log-file /foo/somefile

to your local gpg-agent.conf (or use watchgnupg and "socket://" as file
for live watching) to see what's going on. You should see some error
message "Forbidden" when the remote site issues certain commands.

> If not, what are the implications of forwarding the normal socket? The wiki
> page just says "extra socket is more restricted" without going into any

For example the remote site can't list the keys on the local site. This
is sometimes required and thus you can allow this on a per private key
basis by adding

  Remote-list: true

to the private key file (which you figure out using gpg -K
--with-keygrip). But that might not be your problem.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
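
Added example (not part of the original message and not GnuPG code): a small audit of which private key files carry the "Remote-list: true" line mentioned above, so you can see what a remote site may list over the extra socket. The directory argument, the status labels and the sample files are assumptions made for illustration, as are the parsing rules (name-value lines, case-insensitive names, indented continuation lines) and the rule that only the value "true" counts.

```python
import os, sys, tempfile

def parse_key_file(text):
    """Parse a name-value private key file; None if it is a bare S-expression."""
    if text.lstrip().startswith("("):
        return None                      # older format: no place for Remote-list
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                     # blank line or comment
        if line[0] in " \t":             # continuation of the previous value
            if last is not None:
                last[-1] += line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = fields.setdefault(name.lower(), [])
            last.append(value.strip())
    return fields

def audit_remote_list(keydir):
    """Return {keygrip: 'listable' | 'hidden' | 'legacy-format'}."""
    report = {}
    for fn in sorted(os.listdir(keydir)):
        if not fn.endswith(".key"):
            continue
        with open(os.path.join(keydir, fn), "rb") as fh:
            fields = parse_key_file(fh.read().decode("latin-1"))
        if fields is None:
            report[fn[:-4]] = "legacy-format"
        elif any(v.lower() == "true" for v in fields.get("remote-list", [])):
            report[fn[:-4]] = "listable"  # assumption: only "true" enables it
        else:
            report[fn[:-4]] = "hidden"
    return report

def make_sample_dir():
    """Constructed stand-ins for key files (no real key material)."""
    d = tempfile.mkdtemp()
    samples = {"A" * 40: "Key: (private-key\n (ecc))\nRemote-list: true\n",
               "B" * 40: "# note\nKey: (private-key\n (ecc))\n",
               "C" * 40: "(private-key (ecc))"}
    for grip, body in samples.items():
        with open(os.path.join(d, grip + ".key"), "w") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    keydir = sys.argv[1] if len(sys.argv) > 1 else make_sample_dir()
    for grip, status in audit_remote_list(keydir).items():
        print(grip, status)
```

Run it with the path of your private key directory as the only argument; without an argument it reports on the constructed sample files.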