Old 05-02-2016, 02:48 PM   #1
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Rep: Reputation: Disabled
Trying to use GPG to encrypt/decrypt backup files


I have a need to encrypt backup files before they are sent to the tape library.
After some reading, I found that I should be using the 'gpg -c' command to encrypt the files.
When I tried to do that, I received an error, something about an agent. Not sure how to proceed. Don't know what the problem is.

[user@host ~]$ gpg -c foo
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[56666]: directory `/home/user/.gnupg/private-keys-v1.d' created
gpg-agent[56666]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `foo' failed: Operation cancelled
 
Old 05-02-2016, 04:47 PM   #2
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Posts: 1,622
Blog Entries: 40

Rep: Reputation: Disabled
Quote:
Originally Posted by usao View Post
I found that I should be using the 'gpg -c' command to encrypt the files.
When I tried to do that, I received an error, something about an agent. Not sure how to proceed. Don't know what the problem is.
AFAIS, with newer versions of GnuPG, gpg-agent is automatically installed. If this is not the case for your Linux-distribution, either verify that there is not a newer version of GnuPG available for your distribution or locate a package “gpg-agent” in the package-resources. In the latter case, verify also, that a pinentry-program is installed. There are different versions available, choose the one that pleases you most.

If installed, gpg-agent can be executed.
Code:
user@machine:~$ gpg-agent --version
gpg-agent (GnuPG) 2.1.12-beta152
libgcrypt 1.7.1-beta1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Old 05-02-2016, 05:02 PM   #3
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Original Poster
Rep: Reputation: Disabled
It appears the agent is installed:
$ gpg-agent --version
gpg-agent (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


Is this something which has to be started manually or is it a daemon process?
 
Old 05-02-2016, 05:04 PM   #4
usao
Member
 
Registered: Dec 2011
Location: Chandler, AZ
Posts: 286

Original Poster
Rep: Reputation: Disabled
Even after trying to start this agent as a daemon, it still fails to encrypt files:

[user@host~]$ gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4Mj3hs/S.gpg-agent:56345:1; export GPG_AGENT_INFO;
[user@host~]$ gpg -c foo
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[56366]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `foo' failed: Operation cancelled
 
Old 05-02-2016, 08:31 PM   #5
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
Do you really need symmetric encryption? You don't seem to be seeing the password prompt, for whatever reason. It says "cancelled by user". I use the -e option for almost everything, which does asymmetric encryption, using the public key for encryption and the private key for decryption. I can understand using symmetric encryption if you need to have someone else able to decrypt, but asymmetric is easier.

It doesn't appear that you have generated your keys, though. You need to do that before doing anything else.

Last edited by sgosnell; 05-02-2016 at 08:34 PM.
 
1 members found this post helpful.
Old 05-02-2016, 09:07 PM   #6
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,781

Rep: Reputation: 2082
Quote:
Originally Posted by usao View Post
Even after trying to start this agent as a daemon, it still fails to encrypt files:

[user@host~]$ gpg-agent --daemon
GPG_AGENT_INFO=/tmp/gpg-4Mj3hs/S.gpg-agent:56345:1; export GPG_AGENT_INFO;
You need to set the environment variables according to gpg-agent's output, so that subsequent gpg calls know how to find the agent. You can do this with
Code:
eval "$(gpg-agent --daemon)"
 
1 members found this post helpful.
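
Added example (not part of the post above, and not GnuPG code): a small shell check for the situation in posts #4 and #6, where `gpg-agent --daemon` printed a `GPG_AGENT_INFO` value but the calling shell never set it, so `gpg` fell back to `~/.gnupg/S.gpg-agent`. The function names and status strings are hypothetical; the `socket:pid:protocol` layout is taken from the output quoted in the thread (GnuPG 2.0.x).

```shell
#!/bin/sh
# Added example: inspect a GPG_AGENT_INFO value of the form
#   <socket path>:<agent pid>:<protocol version>
# as printed by `gpg-agent --daemon` in the thread (GnuPG 2.0.x).
# parse_agent_info and agent_info_status are hypothetical helper names.

# Split the value into AGENT_SOCK, AGENT_PID and AGENT_PROTO.
# Returns non-zero if the value does not have three well-formed fields.
parse_agent_info() {
    info=$1
    case "$info" in *:*:*) ;; *) return 1 ;; esac
    AGENT_PROTO=${info##*:}        # last field
    rest=${info%:*}
    AGENT_PID=${rest##*:}          # middle field
    AGENT_SOCK=${rest%:*}          # everything before the PID
    case "$AGENT_PID" in ''|*[!0-9]*) return 1 ;; esac
    case "$AGENT_PROTO" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$AGENT_SOCK" ] || return 1
}

# Print one word describing why gpg could or could not reach the agent:
#   unset      variable is empty (the situation in post #4)
#   malformed  value is not socket:pid:protocol
#   no-socket  socket path does not exist or is not a socket
#   stale-pid  socket exists but the agent process is gone
#   ok         socket present and agent process alive
agent_info_status() {
    [ -n "${1:-}" ] || { echo unset; return 0; }
    parse_agent_info "$1" || { echo malformed; return 0; }
    [ -S "$AGENT_SOCK" ] || { echo no-socket; return 0; }
    kill -0 "$AGENT_PID" 2>/dev/null || { echo stale-pid; return 0; }
    echo ok
}

# Report on the shell this script is run from.
echo "GPG_AGENT_INFO status: $(agent_info_status "${GPG_AGENT_INFO:-}")"
```

Run it before and after `eval "$(gpg-agent --daemon)"` in the same shell: the first run reports `unset`, the second should report `ok`.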
Old 05-07-2016, 03:41 AM   #7
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Posts: 1,622
Blog Entries: 40

Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
I can understand using symmetric encryption if you need to have someone else able to decrypt, but asymmetric is easier.
Sorry to intervene once again on this topic, but usually it is the other way 'round.

Asymmetric encryption is to organize communication and exchange. Neither the security of the algorithms nor the protocols in use favor asymmetric encryption of locally stored files. “Easier” can only refer to a single aspect, that occupies you at a certain point in time. Afterwards, the complication augments with asymmetric encryption, as security begins to diminish and continues to decline continuously...

Some people confuse “Security” with the security to retrieve their data from encrypted files or encrypted media, or the security to receive and be able to open encrypted mail. But this is not the kind of security that encryption is meant for. Worse, if security is confused with facilitation and fail proof procedures. We are not discussing this, I know. Just for completeness...
 
Old 05-07-2016, 10:12 AM   #8
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
By 'easier', I was referring to the ease and convenience of the encryption. You don't need to enter a password because you're using a pre-generated key. This is arguably more secure in addition to the convenience. Passwords are a weak link in most cases. I'm not sure I follow you with your argument that asymmetric encryption diminishes security, if in fact that's what you're saying.
 
Old 05-08-2016, 02:25 AM   #9
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Posts: 1,622
Blog Entries: 40

Rep: Reputation: Disabled
Asymmetric algorithms do not do the same job as the others. Apart from that, key generation and key management are not easy.

Quote:
You don't need to enter a password because you're using a pre-generated key
Tell me how you secure your keys. If you do not use a password, then we are discussing a moot point.
But I have all from the books, from Internet-sources, many discussions, trial, error, corrections from some people that I still keep in high esteem and from my experience.
I cannot try to show off with my own wisdom. So better go somewhere else for clarifications.

Last edited by Michael Uplawski; 05-08-2016 at 05:23 AM.
 
Old 05-08-2016, 04:33 PM   #10
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
I don't think you completely understand how gpg works. And I don't think we can have a productive conversation on this issue. So I'm bailing out on this one.
 
Old 05-09-2016, 12:10 AM   #11
Michael Uplawski
Senior Member
 
Registered: Dec 2015
Posts: 1,622
Blog Entries: 40

Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
I don't think you completely understand how gpg works. And I don't think we can have a productive conversation on this issue. So I'm bailing out on this one.
These are not questions of belief. I know, you believe.

Last edited by Michael Uplawski; 05-09-2016 at 04:50 AM. Reason: f
 
  

