Talk:GnuPG

From ArchWiki

gpg-agent socket path

Under the SSH agent section, no matter if I set GNUPGHOME to ~/.gnupg or not, my gpg-agent does not work for SSH because the S.gpg-agent.ssh is not created in my ~/.gnupg directory. The S.gpg-agent.ssh file is created at /run/user/$UID/gnupg. If GNUPGHOME needs to be a specific directory such as /run/user/$UID/gnupg or a symlink needs to exist in the ~/.gnupg directory then that should be explained in the wiki article.

—This unsigned comment is by Dmp1ce (talk) 14:43, 23 June 2016. Please sign your posts with ~~~~!

I can't find any reference of gpg using /run/user/$UID/gnupg by default. How do you start gpg-agent and what is in your gpg-agent.conf? -- Lahwaacz (talk) 14:47, 23 June 2016 (UTC)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=aab8a0b05292b0d06e3001a0b289224cb7156dbd
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
Scimmia (talk) 14:49, 23 June 2016 (UTC)
I start with gpg-connect-agent /bye >/dev/null 2>&1 Dmp1ce (talk)
My gpg-agent.conf
# Cache settings
default-cache-ttl 10800
default-cache-ttl-ssh 10800

# Enable SSH support
enable-ssh-support

# Keyboard control
#no-grab
 
# PIN entry program
#pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-qt4
#pinentry-program /usr/bin/pinentry-kwallet
#pinentry-program /usr/bin/pinentry-gtk-2

# For duply
allow-loopback-pinentry
--Dmp1ce (talk) 15:02, 23 June 2016 (UTC)
OK, thank you for correcting me. I've added the rest of the story, closing. -- Lahwaacz (talk) 15:27, 23 June 2016 (UTC)
Pretty sure this isn't correct. Everything says it will use /run/usr/$UID/ if it exists, and systemd uses it, so it exists on every (supported) Arch system.
Scimmia (talk) 15:34, 23 June 2016 (UTC)
The commit message says:
To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/".  If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used.  Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.
That's also the reason why the --create-socketdir and --remove-socketdir commands were added to gpgconf, as mentioned in the changelog.
-- Lahwaacz (talk) 15:41, 23 June 2016 (UTC)
Ah, to run multiple agents. Got it, thanks. Scimmia (talk) 15:50, 23 June 2016 (UTC)
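As an added illustration of the scheme quoted from the commit message above (example code written for this page, not taken from the wiki article or from GnuPG's own sources): a Python re-implementation of how the per-homedir socket directory name is derived and when the /run/user location is preferred over the homedir. It assumes the hashed string is the homedir path exactly as given and reads "proper permissions" as owner-only access (no group/other bits); gpgconf --create-socketdir remains the authoritative way to create that directory.

```python
import hashlib
import os
import stat

# z-base-32 alphabet, the same ordering GnuPG uses in common/zb32.c
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zb32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant bit first.

    Only whole multiples of 5 bytes are handled, which covers the 15-byte
    (120-bit) digest prefix used by the socket-dir scheme.
    """
    if len(data) % 5:
        raise ValueError("this helper only handles multiples of 5 bytes")
    value = int.from_bytes(data, "big")
    nchars = len(data) * 8 // 5
    return "".join(ZB32_ALPHABET[(value >> (5 * (nchars - 1 - i))) & 31]
                   for i in range(nchars))


def socketdir_suffix(homedir: str) -> str:
    """'d.' + z-base-32 of the SHA-1 of the homedir, left-truncated to 120 bits."""
    digest = hashlib.sha1(homedir.encode()).digest()
    return "d." + zb32_encode(digest[:15])


def candidate_socketdir(homedir: str, uid: int, default_homedir: str) -> str:
    """The /run/user directory gpg-agent would try first for this homedir."""
    base = f"/run/user/{uid}/gnupg"
    if homedir == default_homedir:
        return base                      # default homedir: no hashed subdirectory
    return f"{base}/{socketdir_suffix(homedir)}"


def resolve_socketdir(homedir: str, uid: int, default_homedir: str) -> str:
    """Directory that would hold S.gpg-agent.ssh: the /run/user candidate when it
    exists with safe permissions, otherwise the homedir itself (it is never
    auto-created, which is why the sockets can end up in ~/.gnupg)."""
    cand = candidate_socketdir(homedir, uid, default_homedir)
    try:
        st = os.stat(cand)
    except FileNotFoundError:
        return homedir
    # Assumed reading of "proper permissions": a directory owned by the
    # user with no group/other access bits set.
    if stat.S_ISDIR(st.st_mode) and st.st_uid == uid and not (st.st_mode & 0o077):
        return cand
    return homedir
```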

gnupg_SSH_AUTH_SOCK_by

In GnuPG#SSH_agent, the test if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then has been taken from the gpg-agent(1) man page, but it's not clear what the purpose of the gnupg_SSH_AUTH_SOCK_by variable is. In [1] it says that it's "often used for testing", but I don't quite get it. -- Lahwaacz (talk) 09:15, 24 June 2016 (UTC)

gnupg_SSH_AUTH_SOCK_by is used by gpg-agent, but I'm not sure of the reason behind it. Here is the code in gpg-agent that uses that environment variable. http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307 --Dmp1ce (talk) 18:44, 24 June 2016 (UTC)
Thanks, I think that I got it now: [2]. -- Lahwaacz (talk) 18:04, 16 July 2016 (UTC)

System login with gnupg smartcard (yubikey, p-card, rsa token, etc)

gnupg with poldi can be used for system login. There is a thread asking whether it is possible to use gpg for system login. A new tip section explaining gnupg smartcard login to an Arch Linux system would be a nice addition here.

Alive4ever (talk) 02:27, 4 August 2016 (UTC)

User configuration files not created

Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."

I could very well be doing something wrong, so I'd ask that this be verified. If we need to copy the skel configuration files, it should be clearly explained in the wiki, shouldn't it?

I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just a keyserver in it.

I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.

NuSkool (talk) 04:09, 26 September 2016 (UTC)