Brady Trainor

Reputation: 2076

How to use gpg, gpg-agent, especially for .authinfo.gpg?

(kubuntu, but trying to remain platform independent in my approaches.)

Either conceptual explanations or necessary steps are appreciated.

I'm reading through the documentation, and tried to get gpg-agent to work once, but am getting discouraged as each attempt will require a reboot, and I don't really understand how it works in the first place (just cutting and pasting code).

I want to use gpg-agent so that I can try out GNUS without entering the passphrase on .authinfo.gpg every time I open GNUS.


I'd like to understand more about the process before I dig into the problem more.

  1. Is a gpg --gen-key necessary before using gpg-agent for .authinfo.gpg?
  2. Are the config lines mentioning SSH necessary for my minimal use of gpg?
  3. Is .authinfo.gpg to take position on some keychain? Does that keychain itself need a master key?

Please correct me on the imagined flow of the process. (Is an absent key needed?). I regret that it is very sparse.

  1. After boot, initialization turns on the gpg daemon, and other related settings are made.
  2. When GNUS accesses .authinfo.gpg, it caches something with gpg-agent.

Here are some more details I consider.

The following variables are set

GPG_AGENT_INFO    ${HOME}/.gpg-agent-info
GPG_TTY           $(tty)

In ~/.gnupg/gpg.conf, we need to see use-agent. I leave the dummy #default-key ******** commented out, as I believe it's only needed if you have more than one key.

In ~/.gnupg/gpg-agent.conf, we need to see

pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 1800

(Though, pinentry-qt4 might be replaced with other present versions, such as pinentry-curses.)


There may be some redundancies, but I've also seen lines for, I assume, .bashrc, such as eval $(gpg-agent --daemon), or

gpg-agent --daemon \
    --write-env-file "${HOME}/.gpg-agent-info"

(I've omitted lines regarding SSH, as I assume I don't need this for now.)


I've seen a troubleshooting command

echo "test" | gpg -ase -r 0xMYKEYID | gpg

but since I wasn't sure if I needed a key in the first place, I didn't go further with this.

Upvotes: 4

Views: 4263

Answers (1)

Brady Trainor

Reputation: 2076

Here is my very amateur tutorial in reply to my own question.

To check if gpg-agent is already enabled, try

ps aux | grep gpg

I find

iam@heeere:/e$ ps aux | grep gpg
iam       1490  0.0  0.0  16728   900 ?        Ss   17:25   0:00 gpg-agent --daemon --sh
iam       2611  0.0  0.0  11748   912 pts/0    S+   17:33   0:00 grep --color=auto gpg

This together with

(setq epg-gpg-program "/usr/bin/gpg2")

seemed to solve my problem. As Jens Erat pointed out, gpg-agent is associated with gpg2, not gpg.

In fact, I deleted all the modifications I had made from

GnuPG and EasyPG Assistant Configuration - Emacs auth-source Library,

and it still worked perfectly. That is, no eval $(gpg-agent --daemon), no gpg-agent.conf needed. Though, I may add some back, for instance default-cache-ttl. And while pinentry-curses looks appealing, I think greater minds than mine have struggled with preventing gpg-agent from using a pop-up from Emacs, so I'll leave that alone.

Upvotes: 1
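
The checks from the answer above, collected into one script as an added example that is not part of the original post. The function names (agent_pids, conf_value, live_report) are hypothetical, and the 600-second fallback assumes gpg-agent's documented default for default-cache-ttl, which controls how long an unlocked passphrase stays cached.

```shell
#!/bin/sh
# Added example: diagnostics for the gpg-agent setup discussed on this page.

# Print PIDs of gpg-agent daemons from `ps aux`-format text on stdin.
# Matching on the command column (field 11) skips the "grep gpg" line
# that a plain `ps aux | grep gpg` also prints. Only the `--daemon`
# invocation shown in the answer is matched.
agent_pids() {
    awk '$11 ~ /(^|\/)gpg-agent$/ && /--daemon/ { print $2 }'
}

# conf_value FILE OPTION DEFAULT: print OPTION's value from a
# gpg-agent.conf-style file, or DEFAULT if the option is not set.
# Commented-out lines start with '#', so they never match OPTION.
# Taking the last occurrence is a choice of this sketch.
conf_value() {
    if [ -r "$1" ]; then
        awk -v k="$2" -v d="$3" '$1 == k { v = $2; seen = 1 }
            END { if (seen) print v; else print d }' "$1"
    else
        printf '%s\n' "$3"
    fi
}

# Report on the live system: is an agent running, and how is it configured?
live_report() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    pids=$(ps aux 2>/dev/null | agent_pids | tr '\n' ' ')
    echo "gpg-agent daemon PIDs: ${pids:-none found}"
    echo "gpg2 binary:           $(command -v gpg2 || echo 'not on PATH')"
    echo "default-cache-ttl:     $(conf_value "$conf" default-cache-ttl 600) s"
    echo "pinentry-program:      $(conf_value "$conf" pinentry-program '(default)')"
}

# The two ps lines quoted in the answer; only the first is the agent.
sample='iam       1490  0.0  0.0  16728   900 ?        Ss   17:25   0:00 gpg-agent --daemon --sh
iam       2611  0.0  0.0  11748   912 pts/0    S+   17:33   0:00 grep --color=auto gpg'
echo "PIDs in the quoted output: $(printf '%s\n' "$sample" | agent_pids)"

live_report
```

A missing gpg-agent.conf is reported with the fallback values, which matches the answer's observation that the agent works without that file.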
