Talk:GnuPG


gpg-agent socket path

Under the SSH agent section, no matter if I set GNUPGHOME to ~/.gnupg or not, my gpg-agent does not work for SSH because the S.gpg-agent.ssh is not create in my ~/.gnupg directory. The S.gpg-agent.ssh file is created at /run/user/$UID/gnupg. If GNUPGHOME needs to be a specific directory such as /run/user/$UID/gnupg or a symlink needs to exist in the ~/.gnupg directory then that should be explained in the wiki article.

—This unsigned comment is by Dmp1ce (talk) 14:43, 23 June 2016. Please sign your posts with ~~~~!

I can't find any reference of gpg using /run/user/$UID/gnupg by default. How do you start gpg-agent and what is in your gpg-agent.conf? -- Lahwaacz (talk) 14:47, 23 June 2016 (UTC)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=aab8a0b05292b0d06e3001a0b289224cb7156dbd
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
Scimmia (talk) 14:49, 23 June 2016 (UTC)
I start with gpg-connect-agent /bye >/dev/null 2>&1 Dmp1ce (talk)
My gpg-agent.conf
# Cache settings
default-cache-ttl 10800
default-cache-ttl-ssh 10800

# Enable SSH support
enable-ssh-support

# Keyboard control
#no-grab
# PIN entry program
#pinentry-program /usr/bin/pinentry-curses
#pinentry-program /usr/bin/pinentry-qt4
#pinentry-program /usr/bin/pinentry-kwallet
#pinentry-program /usr/bin/pinentry-gtk-2

# For duply
allow-loopback-pinentry
--Dmp1ce (talk) 15:02, 23 June 2016 (UTC)
OK, thank you for correcting me. I've added the rest of the story, closing. -- Lahwaacz (talk) 15:27, 23 June 2016 (UTC)
Pretty sure this isn't correct. Everything says it will use /run/usr/$UID/ if it exists, and systemd uses it, so it exists on every (supported) Arch system.
Scimmia (talk) 15:34, 23 June 2016 (UTC)
The commit message says:
To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/".  If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used.  Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.
That's also the reason why the --create-socketdir and --remove-socketdir commands were added to gpgconf, as mentioned in the changelog.
-- Lahwaacz (talk) 15:41, 23 June 2016 (UTC)
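The socket directory derivation quoted from the commit message above, worked through in Python as an added example (this is not code from GnuPG or from anyone in this thread). It hashes the homedir string exactly as given, whereas GnuPG first normalises the path, and it reads "proper permissions" as a directory owned by the user with mode 0700; both points are assumptions of this example. The z-base-32 alphabet and the left-truncation to 120 bits (24 characters) follow the commit message; the default-homedir case, which uses /run/user/$UID/gnupg without a hashed subdirectory, is included for contrast.

```python
import hashlib
import os
import stat

# z-base-32 alphabet (the "zBase-32" named in the commit message).
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zb32_encode(data: bytes, nbits: int) -> str:
    """Encode the leftmost nbits of data in z-base-32.

    Bits are consumed most-significant first, five at a time; a final
    partial group is padded with zero bits on the right.
    """
    if nbits < 0 or nbits > 8 * len(data):
        raise ValueError("nbits out of range for the given data")
    nchars = (nbits + 4) // 5
    value = int.from_bytes(data, "big") >> (8 * len(data) - nbits)
    value <<= nchars * 5 - nbits  # right-pad the last 5-bit group
    return "".join(
        ZB32_ALPHABET[(value >> (5 * (nchars - 1 - i))) & 31] for i in range(nchars)
    )


def socketdir_name(homedir: str) -> str:
    """'d.' + z-base-32 of the SHA-1 of the homedir, left-truncated to 120 bits.

    Assumption: the homedir string is hashed as-is (GnuPG normalises it first).
    """
    digest = hashlib.sha1(homedir.encode()).digest()  # 160 bits
    return "d." + zb32_encode(digest, 120)  # 120 bits -> 24 characters


def expected_socketdir(homedir: str, uid: int, default_homedir: str,
                       runtime_root: str = "/run/user") -> str:
    """Directory gpg-agent would prefer for its sockets, before checking it exists."""
    base = f"{runtime_root}/{uid}/gnupg"
    if homedir == default_homedir:
        return base  # default homedir: no hashed subdirectory
    return f"{base}/{socketdir_name(homedir)}"


def dir_is_private(path: str, uid: int) -> bool:
    """Assumed reading of 'proper permissions': a 0700 directory owned by uid."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return stat.S_ISDIR(st.st_mode) and st.st_uid == uid and (st.st_mode & 0o777) == 0o700


def resolve_socketdir(homedir: str, uid: int, default_homedir: str,
                      is_usable=dir_is_private) -> str:
    """Return the runtime socket dir if it is usable, otherwise fall back to the homedir.

    The commit message says the hashed directory is not auto-created, which is
    why the fallback to the homedir is the common case until the user creates it.
    """
    candidate = expected_socketdir(homedir, uid, default_homedir)
    return candidate if is_usable(candidate, uid) else homedir


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    uid, default = 1000, "/home/alice/.gnupg"
    for home in (default, "/home/alice/.gnupg-work"):
        print(home, "->", expected_socketdir(home, uid, default))
        print("  resolved on this machine:", resolve_socketdir(home, uid, default))
```

Running the block with a non-default homedir and then creating the printed directory (mode 0700) is enough to watch `resolve_socketdir` switch from the homedir to the runtime directory, which is the behaviour the commit message describes; `gpgconf --create-socketdir`, mentioned above, performs that creation step in GnuPG itself.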
Ah, to run multiple agents. Got it, thanks. Scimmia (talk) 15:50, 23 June 2016 (UTC)

gnupg_SSH_AUTH_SOCK_by

In GnuPG#SSH_agent, the test if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then has been taken from the gpg-agent(1) man page, but it's not clear what's the purpose of the gnupg_SSH_AUTH_SOCK_by variable. In [1] it says that it's "often used for testing", but I don't quite get it. -- Lahwaacz (talk) 09:15, 24 June 2016 (UTC)

gnupg_SSH_AUTH_SOCK_by is used by gpg-agent, but I'm not sure of the reason behind it. Here is the code in gpg-agent that uses that environment variable. http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307 --Dmp1ce (talk) 18:44, 24 June 2016 (UTC)
Thanks, I think that I got it now: [2]. -- Lahwaacz (talk) 18:04, 16 July 2016 (UTC)