GnuPG

From ArchWiki


GnuPG can be used to sign and encrypt files or mails.

gpg-agent

gpg-agent is mostly used as a daemon to request and cache the password for the keychain. This is useful if GnuPG is used from an external program like kmail. It can be activated by adding the following line to ~/.gnupg/gpg.conf:

use-agent

This tells GnuPG to use the agent whenever it needs the password. However, the agent must already be running. The best way is to start the agent at login. Since kdm doesn't parse ~/.xsession or ~/.xinitrc, the following gpg-agent-startup script can be added to /etc/kde/env/:

eval "$(gpg-agent --daemon)"

This solution doesn't check whether the agent is already running!

This one starts only one agent and reuses it:

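 # Reuse a running agent if the PID saved in the env file is still alive;
 # otherwise start a new agent and let it rewrite the env file.
 envfile="${HOME}/.gpginfo"
 if test -f "${envfile}" && kill -0 "$(cut -d: -f 2 "${envfile}" | head -n 1)" 2>/dev/null; then
   # The file holds the variable assignments written by the agent.
   eval "$(cat "${envfile}")"
 else
   eval "$(/usr/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "${envfile}")"
 fi
 export GPG_AGENT_INFO
 export SSH_AUTH_SOCK
 export SSH_AGENT_PID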
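The startup script above hands the contents of the env file to eval, so anything written into that file runs as shell code at login. The following is an added example, not part of the original page or of GnuPG: it reads the same file as data, accepts only the three expected variables, and rejects a stale PID. The helper name load_agent_env is hypothetical, and the file is assumed to hold plain NAME=value lines with GPG_AGENT_INFO in the form socket:pid:protocol.

```shell
# Added example: load the agent env file without eval.
# load_agent_env is a hypothetical helper name, not a GnuPG command.
load_agent_env() {
    envfile=$1
    # Refuse a missing file, a symlink, or a file owned by another user.
    [ -f "$envfile" ] && [ ! -L "$envfile" ] && [ -O "$envfile" ] || return 1

    info='' sock='' ssh_pid=''
    while IFS='=' read -r key value; do
        # Values are data: skip anything with shell metacharacters.
        case $value in
            ''|*[!A-Za-z0-9_./:-]*) continue ;;
        esac
        # Only the variables the startup script exports are accepted.
        case $key in
            GPG_AGENT_INFO) info=$value ;;
            SSH_AUTH_SOCK)  sock=$value ;;
            SSH_AGENT_PID)  ssh_pid=$value ;;
        esac
    done < "$envfile"

    # Assumed format of GPG_AGENT_INFO: socket:pid:protocol
    agent_pid=${info#*:}
    agent_pid=${agent_pid%%:*}
    case $agent_pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    # A dead PID means the file is stale; the caller starts a new agent.
    kill -0 "$agent_pid" 2>/dev/null || return 1

    export GPG_AGENT_INFO="$info"
    [ -n "$sock" ] && export SSH_AUTH_SOCK="$sock"
    [ -n "$ssh_pid" ] && export SSH_AGENT_PID="$ssh_pid"
    return 0
}
```

In the startup script this would replace the test/eval branch: call `load_agent_env "${envfile}"` and start a new agent only if it returns non-zero.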


Finally, the agent needs to know how to ask the user for the password. This can be set in ~/.gnupg/gpg-agent.conf:

pinentry-program /usr/bin/pinentry-gtk-2
no-grab
default-cache-ttl 1800