LinuxQuestions.org
Old 12-04-2015, 03:24 PM   #1
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,057

Rep: Reputation: Disabled
How-to properly set gpg-agent in Slackware-14.1?


I am using Fluxbox on Slackware-14.1n, started through gdm, and would like to avoid typing my passphrase too often. I use gnupg2.

I tried to configure gpg-agent but didn't succeed so far. I didn't find anything on SlackDocs.

I have written:
  • in ~/.gnupg/gpg.conf: use-agent
  • in ~/.gnupg/gpg-agent.conf:
    Code:
    pinentry-program /usr/bin/pinentry
    no-grab
    default-cache-ttl 3600
  • in .xinitrc: eval "$(gpg-agent --daemon)"
  • in .bashrc:
    Code:
    GPG_TTY=$(tty)
    export GPG_TTY
  • in .xsession
    Code:
    if [ -f "${HOME}/.gpg-agent-info" ]; then
       . "${HOME}/.gpg-agent-info"
    fi
The daemon doesn't seem to start when I begin a session. What am I doing wrong?

Last edited by Didier Spaier; 12-04-2015 at 03:58 PM.
 
Old 12-04-2015, 03:34 PM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8106
I just used what's basically told in "man gpg-agent".
I have this in my ~/.profile :
Code:
# GPG helper functions:
if test -f $HOME/.gpg-agent-info && kill -0 $(cut -d: -f 2 $HOME/.gpg-agent-info) 2>/dev/null; then
  GPG_AGENT_INFO=$(cat $HOME/.gpg-agent-info)
  export GPG_AGENT_INFO
else
  eval $(gpg-agent --daemon)
  echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
fi
GPG_TTY=$(tty)
export GPG_TTY
# END GPG helper functions:
 
2 members found this post helpful.
Old 12-04-2015, 03:57 PM   #3
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,057

Original Poster
Rep: Reputation: Disabled
This works. Your solution has the advantage of keeping all the settings in the same file, valid on the console as under X.

So, thanks Eric!
 
Old 12-05-2015, 03:27 AM   #4
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 441

Rep: Reputation: 141
gnupg2 always uses the agent (so the use-agent directive is not needed) and starts it automatically. You only need to manually start it if you also use it for ssh authentication because ssh doesn't know about it.

The best-known way to start it is what Eric mentioned, but there is a "newer" one too (it was mentioned on the mailing list some time ago, and it was put in the manpage of gpg-agent too).

Code:
 cat .gnupg/gpg-agent.conf 
use-standard-socket
enable-ssh-support
If you do not use ssh keys then you do not need the enable-ssh-support directive (and if you use 2.1 version of gnupg2 then you don't even need the use-standard-socket directive because it is always used).

.zshrc or .bashrc or equivalent interactive shell startup file
Code:
unset GPG_AGENT_INFO
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
fi
The above code unsets the "old-way" variables and then tells ssh to use the S.gpg-agent.ssh socket in order to talk to the agent's ssh emulation (again, only needed if you use ssh keys).

Code:
GPG_TTY=$(tty)
export GPG_TTY
I think this is only needed for curses and tty pinentry, so that the password prompt is printed in the right terminal, and is not needed for gtk/qt pinentry, but I always set it anyway.

Code:
if [ -x "$(which gpg-connect-agent)" ]; then
     gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
fi
The above code is again only needed for ssh support. As we said in the beginning, when you use gpg-agent for ssh, then you must start the agent manually because ssh doesn't know how to start it. The gpg-agent manpage tells us to run "gpg-connect-agent /bye" to start the agent. The code above does that and also tells the agent to update the tty that it uses to point to the current one (again, I think it is not needed for gtk/qt pinentry but I have it anyway).

If you do not use ssh emulation then only put "use-standard-socket" and everything will work.

Edit: This way works only with gnupg2 and not with gnupg.

Last edited by imitheos; 12-05-2015 at 03:36 AM.
 
3 members found this post helpful.
Old 12-06-2015, 07:59 PM   #5
rworkman
Slackware Contributor
 
Registered: Oct 2004
Location: Tuscaloosa, Alabama (USA)
Distribution: Slackware
Posts: 2,559

Rep: Reputation: 1351
Interesting... here's mine, in $HOME/.xprofile since I use a gui login manager:
Code:
if test -f $HOME/.cache/gpg-agent-info && ps $(cut -d: -f 2 $HOME/.cache/gpg-agent-info) 1>/dev/null 2>/dev/null ; then
  . $HOME/.cache/gpg-agent-info
  export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
  rm -f $HOME/.cache/gpg-agent-info
  eval $(gpg-agent --sh --daemon)
fi
ssh-add 1>/dev/null 2>/dev/null
My $HOME/.gnupg/gpg-agent.conf has this
Code:
use-standard-socket
enable-ssh-support
default-cache-ttl 3600
write-env-file $HOME/.cache/gpg-agent-info
and then in $HOME/.bashrc, I have the GPG_TTY stuff set so that each vterm will bring up the curses pinentry if needed.

That --use-standard-socket option seems to just make it use $HOME/somewhere instead of /tmp - I like it.

On a related note, I seem to have some sort of race condition between ssh-agent (shipped with openssh) and gpg's agent -- sometimes gpg wins and sometimes ssh-agent wins. I can't figure out what's starting ssh-agent :/ EDIT: quite possibly that was a bug in my code before after making the edits for using standard socket - can't repro now, it seems.

Last edited by rworkman; 12-06-2015 at 08:40 PM. Reason: Made a few edits to add standard socket, fixes and such, and added some comments re ssh-agent... Looks like alien's now. :)
 
Old 12-11-2019, 03:45 PM   #6
Tonus
Senior Member
 
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-15.0
Posts: 1,405
Blog Entries: 3

Rep: Reputation: 514
Question

Sorry to necrobump this thread: long ago I started using Alien Bob's advice to have this set up.
It's been quite a long time since I've been getting an error at my shell launch (that does not seem critical to me, but not sure...)
Code:
use-standard-socket
That's deprecated, it's ok, let's wipe the line from ~/.gnupg/gpg-agent.conf
Code:
gpg-agent is already running - won't launch another instance
(Sorry, that's translated)
Doesn't seem too critical either but the code generating this is much harder for me to understand and I haven't found any newer posts.

Any help would be much appreciated.

Regards
 
Old 12-11-2019, 05:27 PM   #7
gouttegd
Member
 
Registered: Nov 2019
Location: London, UK
Distribution: Slackware
Posts: 92

Rep: Reputation: 161
Which version of GnuPG are you using? Since your profile indicates “Slackware-current”, I assume it’s GnuPG 2.2.x (instead of GnuPG 2.0.x as in Slackware 14.2 or less).

With GnuPG 2.2, if you do not plan to use GPG-Agent for SSH then you don’t need anything in your profile scripts beyond the export GPG_TTY=$(tty) line. All GnuPG components will start the agent on-demand if one is not already running. They know where to look for the agent’s socket and the GPG_AGENT_INFO environment variable is not used anymore.

If you do want SSH support, then you need to: ① make sure the agent is running before attempting any SSH connection, and ② set the SSH_AUTH_SOCK environment variable to the agent’s socket.

To achieve ①, it is enough to call gpg-connect-agent /bye. Alternatively you may use gpgconf --launch gpg-agent, the end result will be the same.

For ②, the recommended way to get the path to the socket is gpgconf --list-dirs agent-ssh-socket.
 
3 members found this post helpful.
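
The two steps from post #7, put together as one profile function. This is an added example, not code from any poster in the thread: the function name setup_gpg_agent_ssh and the check that the socket's directory is owned by you and not writable by group or others are assumptions of the example, and it expects enable-ssh-support in gpg-agent.conf as in the earlier posts.

```shell
# Added example for ~/.profile (GnuPG 2.1+); assumes enable-ssh-support
# is set in ~/.gnupg/gpg-agent.conf as in the posts above.
# setup_gpg_agent_ssh is a name made up for this example.
setup_gpg_agent_ssh() {
    # Without gpgconf there is no GnuPG 2.x to talk to.
    command -v gpgconf >/dev/null 2>&1 || return 1

    # Step 1: make sure the agent runs before any ssh connection.
    gpgconf --launch gpg-agent >/dev/null 2>&1 || return 2

    # Step 2: ask GnuPG for the ssh socket instead of hard-coding a path.
    _sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || return 3
    [ -n "$_sock" ] || return 3

    # Addition of this example: only trust a socket whose directory is
    # ours and not writable by group or others (chars 6 and 9 of the
    # ls mode string), so no other local user can swap the socket.
    _dir=$(dirname "$_sock")
    [ -O "$_dir" ] || return 4
    case $(ls -ld "$_dir" | cut -c6,9) in
        --) ;;
        *) return 4 ;;
    esac

    # Variables from the old setup; clear them so nothing stale is used.
    unset GPG_AGENT_INFO SSH_AGENT_PID
    SSH_AUTH_SOCK=$_sock
    export SSH_AUTH_SOCK

    # Only on a real terminal: tell pinentry and the agent which tty to use.
    if tty -s; then
        GPG_TTY=$(tty)
        export GPG_TTY
        gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || :
    fi
    unset _sock _dir
    return 0
}

setup_gpg_agent_ssh || echo "gpg-agent: ssh support not set up (code $?)" >&2
```

Return codes 1 to 4 tell you which step failed: no gpgconf, agent launch failed, no socket path reported, or socket directory not private to you.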
Old 12-12-2019, 02:41 PM   #8
Tonus
Senior Member
 
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-15.0
Posts: 1,405
Blog Entries: 3

Rep: Reputation: 514
How-to properly set gpg-agent in Slackware-14.1?

Thanks. I'll try to get this working the right way.
 
  

