Talk:GnuPG

From ArchWiki
Jump to navigation Jump to search

System login with gnupg smartcard (yubikey, p-card, rsa token, etc)

gnupg with poldi can be used for system login. There is a thread asking whether it is possible to use gpg for system login. A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.

Alive4ever (talk) 02:27, 4 August 2016 (UTC)

User configuration files not created

Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."

I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?

I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it.

I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.

NuSkool (talk) 04:09, 26 September 2016 (UTC)

Recommendation to add

By default, no skeleton files exist (as mentioned above) but in my case the lack of a dirmngr.conf meant that any --recv-keys failed with useful(?) errors like "gpg: keyserver receive failed: Server indicated a failure" or "gpg: error searching keyserver: Server indicated a failure". Route to get here was via makepkg, and so I skipped all the installation steps etc since gpg was already installed and went straight for a recv.

   echo > $HOME/.gnupg/dirmngr.conf 'standard-resolver'

Beepboo (talk) 17:09, 22 March 2020 (UTC)

A comment on provided code snippet

The test from Set_SSH_AUTH_SOCK :

   [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]

would probably always fail, since [1] sets gnupg_SSH_AUTH_SOCK_by to the process id of gpg-agent, and the line above tests it for the process id of the bash process.

Therefore,

   export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" 

will probably get executed every time. However, it most likely wouldn't break anything since at worst it will reset SSH_AUTH_SOCK to the same value.

—This unsigned comment is by Thread13 (talk) 11:16, 1 May 2021‎ (UTC). Please sign your posts with ~~~~!

Invalid IPC response and Inappropriate ioctl for device

I solved this problem simply by removing an # inside /etc/pinentry/preexec enabling the desired option and then setting /usr/bin/pinentry as default. Pavlov (talk) 15:19, 2 May 2021 (UTC)