version 4, including all changes.
.
| Rev |
Author |
# |
Line |
| 1 |
CraigBox |
1 |
!!Using GPG with an agent |
| |
|
2 |
|
| |
|
3 |
Like [SSH], [GPG] lets you use an agent to cache your PassPhrase in memory for a time, and provide it back to GPG when you would otherwise have to retype it. |
| |
|
4 |
|
| |
|
5 |
On Debian/Ubuntu: |
| |
|
6 |
|
| |
|
7 |
<tt>apt-get install gnupg-agent pinentry-curses</tt> |
| |
|
8 |
|
| |
|
9 |
pinentry is a program to securely accept your passphrase. There are GTK and QT versions available for X users. |
| |
|
10 |
|
| |
|
11 |
To start the GPG agent, run <tt>eval `gpg-agent --daemon`</tt> (I keep this in my ~/.bashrc). |
| |
|
12 |
|
| |
|
13 |
You configure the agent in ~/.gnupg/gpg-agent.conf. A sample: |
| |
|
14 |
<pre> |
| |
|
15 |
default-cache-ttl 3600 |
| |
|
16 |
pinentry-program /usr/bin/pinentry-curses |
| |
|
17 |
</pre> |
| |
|
18 |
|
| |
|
19 |
This caches the pin for 3600 seconds (1 hour) and uses the curses (text mode) pin entry program. |
| |
|
20 |
|
| |
|
21 |
The first time you run gpg, and would have to enter your passphrase, the pinentry program will pop up and ask for it for you. It will then be cached for the defined TTL, so you won't be asked for it again. This is useful if you're doing anything that does more than one GPG operation, such as running a script to sign two files. |
| |
|
22 |
|
| |
|
23 |
!!I am not prompted for a passphrase when I should be |
| |
|
24 |
|
| |
|
25 |
<pre> |
| |
|
26 |
You need a passphrase to unlock the secret key for |
| |
|
27 |
user: "IT Partners <packages@itpartners.co.nz>" |
| |
|
28 |
1024-bit DSA key, ID xxxxxxx, created 2005-04-21 |
| |
|
29 |
|
| |
|
30 |
gpg: cancelled by user |
| |
|
31 |
gpg: skipped "xxxxxxxx": bad passphrase |
| |
|
32 |
</pre> |
| |
|
33 |
|
| |
|
34 |
Why wasn't I prompted for the passphrase? pinentry-curses needs a [TTY], and if you don't have GPG_TTY set, it won't be able to find one if you're running from a script. |
| |
|
35 |
|
| |
|
36 |
<tt>GPG_TTY=`tty`</tt> in your .bashrc will fix this for you. |
| 2 |
ChrisOh |
37 |
|
| |
|
38 |
|
| |
|
39 |
---- |
| 3 |
ChrisOh |
40 |
!!Experience getting gpg going with KMail on Kubuntu 7.04 |
| 2 |
ChrisOh |
41 |
|
| 3 |
ChrisOh |
42 |
<tt>apt-get install gnupg-agent pinentry-qt kgpg gnupg2</tt> |
| 2 |
ChrisOh |
43 |
|
| 3 |
ChrisOh |
44 |
pinentry is a program to securely accept your passphrase. The QT version pinentry-qt is suitable for KDE users. |
| 2 |
ChrisOh |
45 |
|
| |
|
46 |
To start the GPG agent, run <tt>eval `gpg-agent --daemon --write-env-file`</tt> (Keep this in ~/.bashrc or ~/.xsession). |
| |
|
47 |
|
| 4 |
ChrisOh |
48 |
This writes a file ~/.gpg-agent-info and prevents additional gpg-agents starting (I think?). The environment variable GPG_AGENT_INFO get its value from here and this is where KMail figures which gpg-agent to talk with. |
| 2 |
ChrisOh |
49 |
|
| |
|
50 |
You configure the agent in ~/.gnupg/gpg-agent.conf. A sample: |
| |
|
51 |
<pre> |
| |
|
52 |
default-cache-ttl 3600 |
| |
|
53 |
pinentry-program /usr/bin/pinentry-qt |
| |
|
54 |
</pre> |
| |
|
55 |
|
| |
|
56 |
Configure ~/.gnupg/gpg.conf to use the gpg-agent you've just got going. |
| 3 |
ChrisOh |
57 |
Uncomment the option <tt>use-agent</tt> |
| 2 |
ChrisOh |
58 |
|
| 3 |
ChrisOh |
59 |
If the file does not exist you can use Kgpg to create the file for you. However the file it only include one keyserver. You can add the others to this file. |
| 2 |
ChrisOh |
60 |
|
| |
|
61 |
Configure ~/.bashrc to include |
| |
|
62 |
|
| 3 |
ChrisOh |
63 |
<tt>GPG_TTY=`tty`</tt> and |
| |
|
64 |
<tt>export GPG_TTY</tt> |
| 2 |
ChrisOh |
65 |
|
| |
|
66 |
|
| |
|
67 |
|
| |
|
68 |
|
| |
|
69 |
|
| 1 |
CraigBox |
70 |
|
| |
|
71 |
----- |
| |
|
72 |
Find other pages like me in CategoryNotes |
