[SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

thiagowfx · 2015-01-06 20:48:03

First, let me be clear about my final objective: I want to be asked for my GnuPG password only *once* per session. More precisely, in gnupg 2.1.x.

I used to do that with the GPG_AGENT_INFO environment variable, but it is deprecated and ignored now. I don't exactly remember how I used to do it, but I remember about executing a file (maybe gpg-agent itself), and then setting and exporting this variable. But this isn't valid anymore, so it doesn't matter.

Up to today, I was using the keychain program by Daniel Robbins to initialize both ssh and gpg agents for me. Ssh is working very well (I am asked for a password only once), but gpg is not. I believe this is directly related to the fact that the GPG_AGENT_INFO variable is deprecated (and ignored) now, though I'm not 100% sure. Also, the latest date it was packaged is in Aug 2013, which was before this major gnupg upgrade (IIRC).

Finally, unless I've missed something from it, our wiki doesn't have information on how to handle this situation with newer GnuPG versions.

So, what is a reliable way of being asked only once per session for the gnupg password? The KISSer the solution, the better for me.

Last edited by thiagowfx (2015-01-08 14:31:17)

jasonwryan · 2015-01-06 21:45:07

See https://lists.archlinux.org/pipermail/a … 38082.html

thiagowfx · 2015-01-08 04:28:23

Indeed, I should have mentioned that mutt was the reason for me to create this thread, despite of me using GnuPG for other purposes too.

I tried setting

export GPG_AGENT_INFO=""

in my ~/.zprofile but it didn't worked (note: I rebooted the computer after changing this file). Mutt keeps asking me for the password. It asks me the first time I execute it in a session; now, if I immediately close it then re-open it, it won't ask me the password again. I can do it as many times as I want, and it won't ask me the password again. However, after a few minutes (maybe 15, 20? Not really sure), it will ask me the password again if I re-open it.

I did a quick test with gpg --decrypt after those [15|20] minutes and gpg asked me the password too.

So I believe this issue isn't related with mutt. It is like there is a timeout in the gpg-agent, like with sudo. With sudo, I know that it will ask me the password again after a while, its timeout is natural. Does this timeout also exist with GnuPG? If so, then the feature I'm searching for is how to set it to infinite, or how to disable it, so I will enter with my password only once per session.

I'll try now with

export GPG_AGENT_INFO="$HOME/.gnupg/S.gpg-agent"

but, to be honest, I don't expect it to work either.

Last edited by thiagowfx (2015-01-08 04:29:33)

jasonwryan · 2015-01-08 05:25:53

Did you read the entire thread? My first post pretty much sets out what I changed in order to get it working as it had prior to the upgrade.

You set the timeout for your agent in your ~/.gnupg/gpg-agent.conf and for mutt's cache in your .muttrc or the gpg file you source from it.

thiagowfx · 2015-01-08 13:22:25

No, I read just a few posts prior to the one you indicated to me. I figured out if you wanted me to read it entirely you would point me to the first message of it, that's why I only mentioned the GPG_AGENT_INFO variable.

Anyway, I just updated my mutt configuration with what you suggested in there. For future reference,

set crypt_use_gpgme = yes

For the timeout

man 1 gpg-agent

See max-cache-ttl and default-cache-ttl. Or see this. By the way, the default timeout is 600 seconds (=10 minutes).

I'll now test these new configurations.

thiagowfx · 2015-01-08 14:29:13

Okay, it works. Thanks, Jason.

More future reference:

~/.zprofile (part of it):
export GPG_TTY=$(tty)
export GPG_AGENT_INFO=""

# Keychain: ssh-agent autostart
eval $(keychain --eval -Q --quiet id_dsa id_rsa)

% cat .gnupg/gpg-agent.conf 
max-cache-ttl 60480000
default-cache-ttl 60480000

jasonwryan · 2015-01-08 16:16:38

thiagowfx wrote:

No, I read just a few posts prior to the one you indicated to me. I figured out if you wanted me to read it entirely you would point me to the first message of it, that's why I only mentioned the GPG_AGENT_INFO variable.

Ah: that was because I didn't know it was a mutt-related issue at that point.

Glad you got it sorted.

Arch Linux

#1 2015-01-06 20:48:03

[SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#2 2015-01-06 21:45:07

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#3 2015-01-08 04:28:23

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#4 2015-01-08 05:25:53

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#5 2015-01-08 13:22:25

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#6 2015-01-08 14:29:13

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

#7 2015-01-08 16:16:38

Re: [SOLVED] Recommended way to run gpg-agent in newer versions of GnuPG?

Board footer