Running gpg-agent and caching the passphrase
Hi,
I'm trying to get gpg-agent running under 8.2 using the same setup I've
had on my linux box.
The agent is started via .xinitrc:
export GPG_TTY=$(tty)
if [ -z `pgrep gpg-agent` ]; then
eval $(gpg-agent --daemon --write-env-file ${HOME}/.gpg-agent-info \
--log-file ${HOME}/.gnupg/gpg-agent.log)
fi
The agent is up and running (checked via ps) and the option use-agent
is set in gpg.conf. As pinentry I installed pinentry-gtk2.
If I try to sign or decrypt something the pinentry window comes up and
asks for my passphrase. So far so good but I want it to cache my
passphrase for some time.
My ~/.gnupg/gpg-agent.conf:
default-cache-ttl = 3600
But no matter what option I set the passphrase is not cached and there
is no error message in the logs.
I don't know if this is the right place to ask but the same setup was
running on my linux box without problems so I guess this might be bsd
related.
Regards,
Jens
P.S.: I use ssh-agent also and it works without problems. While using
gpg-agent with the ssh option ask for the passphrase every time the key
is used.
--
21. Wonnemond 2011, 08:24
Homepage : http://www.jan0sch.de
A crow perched himself on a telephone wire. He was going to
make a long-distance caw.
pgpTzxhv4Z7cG.pgp
Description: PGP signature
Re: Running gpg-agent and caching the passphrase
On Sat, 21 May 2011 08:34:21 +0200 Jens Jahnke jan0...@gmx.net wrote: But no matter what option I set the passphrase is not cached and there is no error message in the logs. I don't know if this is the right place to ask but the same setup was running on my linux box without problems so I guess this might be bsd related. Have you considered to use (security/)keychain? It's very handy for the purpose. It's invoked by putting something like: eval `keychain --eval id_rsa your_gpg_key` in e.g. your .zshrc. Sincerely, Gour -- “In the material world, conceptions of good and bad are all mental speculations…” (Sri Caitanya Mahaprabhu) http://atmarama.net | Hlapicina (Croatia) | GPG: 52B5C810 signature.asc Description: PGP signature
Re: Running gpg-agent and caching the passphrase
On Sat, May 21, 2011 at 08:34:21AM +0200, Jens Jahnke wrote:
Hi,
I'm trying to get gpg-agent running under 8.2 using the same setup I've
had on my linux box.
The agent is started via .xinitrc:
export GPG_TTY=$(tty)
if [ -z `pgrep gpg-agent` ]; then
eval $(gpg-agent --daemon --write-env-file ${HOME}/.gpg-agent-info \
--log-file ${HOME}/.gnupg/gpg-agent.log)
fi
The agent is up and running (checked via ps) and the option use-agent
is set in gpg.conf. As pinentry I installed pinentry-gtk2.
If I try to sign or decrypt something the pinentry window comes up and
asks for my passphrase. So far so good but I want it to cache my
passphrase for some time.
My ~/.gnupg/gpg-agent.conf:
default-cache-ttl = 3600
Try:
default-cache-ttl 3600
(no equals sign)
But no matter what option I set the passphrase is not cached and there
is no error message in the logs.
I don't know if this is the right place to ask but the same setup was
running on my linux box without problems so I guess this might be bsd
related.
Regards,
Jens
P.S.: I use ssh-agent also and it works without problems. While using
gpg-agent with the ssh option ask for the passphrase every time the key
is used.
Regards,
--
Frank
Contact info: http://www.shute.org.uk/misc/contact.html
pgpqEJsm1Lrgk.pgp
Description: PGP signature
Re: Running gpg-agent and caching the passphrase
On Sat, 21 May 2011 09:02:27 +0100 Frank Shute fr...@shute.org.uk wrote: FS Try: FS FS default-cache-ttl 3600 FS FS (no equals sign) Woah, stupid me. Thanks for the tip. It works now. =) Regards, Jens -- 21. Wonnemond 2011, 12:07 Homepage : http://www.jan0sch.de To be sure of hitting the target, shoot first and, whatever you hit, call it the target. pgpqz8RiWHxOA.pgp Description: PGP signature
gpg-agent
I have been having trouble getting gpg-agent to work. kgpg complained about the agent not running. I added this to my ~/.bashrc: GPG_TTY=`tty` export GPG_TTY This seems to have taken care of the problem but it only works when my default shell is bash. If my shell is tcsh, it doesn't work. This is what I have in my ~/.cshrc: setenv GPG_TTY tty Apparently this is wrong. Any ideas as to what I can try? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gpg-agent
I have been having trouble getting gpg-agent to work. kgpg complained about the agent not running. I added this to my ~/.bashrc: GPG_TTY=`tty` export GPG_TTY This seems to have taken care of the problem but it only works when my default shell is bash. If my shell is tcsh, it doesn't work. This is what I have in my ~/.cshrc: setenv GPG_TTY tty Apparently this is wrong. Any ideas as to what I can try? I noticed that you're using backticks, so GPG_TTY gets set to the output of the tty command - not the text tty itself. Perhaps you want this? setenv GPG_TTY `tty` -- Matt Emmerton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gpg-agent
On Tuesday 10 July 2007 19:24:33 Matt Emmerton wrote: I have been having trouble getting gpg-agent to work. kgpg complained about the agent not running. I added this to my ~/.bashrc: GPG_TTY=`tty` export GPG_TTY This seems to have taken care of the problem but it only works when my default shell is bash. If my shell is tcsh, it doesn't work. This is what I have in my ~/.cshrc: setenv GPG_TTY tty Apparently this is wrong. Any ideas as to what I can try? I noticed that you're using backticks, so GPG_TTY gets set to the output of the tty command - not the text tty itself. Perhaps you want this? setenv GPG_TTY `tty` Thanks, I forgot to put in the backticks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using gpg-agent on freebsd
On Thursday March 08, 2007 at 10:19:27 (PM) Joe Vender wrote: I'm using FreeBSD 6.2 I've been tinkering with using gpg-agent for GnuPG passphrase caching when using Kmail. I have been able to get it working as per the instructions at http://freebsd.kde.org/howtos/gnupg-kmail.php for starting the daemon when entering KDE. But, I want to start gpg-agent when the sytem starts and I login to console mode (not just when I enter KDE), and I want Kmail to use the agent for GnuPG usage. Could someone please describe to me the details of the steps that I need to take and the file modifications that I need to make for this to work. Again, I want the gpg-agent to be up and running when I login to the console, also when I log into KDE, I want Kmail to use the agent. The way I log into KDE is to first login to the console via a limited user account, then do sudo kdm and log into KDE using the same limited user account. I have root login disabled for both console and KDE. I've read the instructions for using a ~/.xinitrc or ~/.xsession to start the gpg-agent daemon when logging into kde, but I have neither file in my home directory, and anyway want the daemon running upon entering console mode login, i.e., running always and only one gpg-agent process running at any given time. Please CC my email address with any responses. Thanks very much for suggestions. FreeBSD rocks! Read 'man gpg-agent'. It has a script that may very well be exactly what you want. -- Gerard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pgp-mime on kmail without gpg-agent
Is it possible to use pgp-mime on kmail without using gpg-agent? When I try it, decryption fails with an error message about a bad passphrase, even though kmail never even prompts for a passphrase when opening an pgp-mime encrypted mail if I don't have gnupg set to use an agent and no agent is running. Joe ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Using gpg-agent on freebsd
I'm using FreeBSD 6.2 I've been tinkering with using gpg-agent for GnuPG passphrase caching when using Kmail. I have been able to get it working as per the instructions at http://freebsd.kde.org/howtos/gnupg-kmail.php for starting the daemon when entering KDE. But, I want to start gpg-agent when the sytem starts and I login to console mode (not just when I enter KDE), and I want Kmail to use the agent for GnuPG usage. Could someone please describe to me the details of the steps that I need to take and the file modifications that I need to make for this to work. Again, I want the gpg-agent to be up and running when I login to the console, also when I log into KDE, I want Kmail to use the agent. The way I log into KDE is to first login to the console via a limited user account, then do sudo kdm and log into KDE using the same limited user account. I have root login disabled for both console and KDE. I've read the instructions for using a ~/.xinitrc or ~/.xsession to start the gpg-agent daemon when logging into kde, but I have neither file in my home directory, and anyway want the daemon running upon entering console mode login, i.e., running always and only one gpg-agent process running at any given time. Please CC my email address with any responses. Thanks very much for suggestions. FreeBSD rocks! Joe Vender ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Using gpg-agent on freebsd
Disregard my previous request for instructions. I've figured out how to get it to work. I simply added the gpg-agent initiation command to the system-wide /etc/profile file. It works as expected. Joe ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Starting gpg-agent
I usually start KDE with the 'startx' command. I would like to start 'gpg-agent' at the same time, and possibly shut it down when I exit from KDE. Is there a way that I can do this without having to resort to manually starting gpg-agent prior to starting KDE? Ciao, -- Gerard Seibert [EMAIL PROTECTED] pgpOEQaLzE3fW.pgp Description: PGP signature
Re: Starting gpg-agent
On Sat, 28 Jan 2006 08:19:44 -0500 Gerard Seibert [EMAIL PROTECTED] wrote: I usually start KDE with the 'startx' command. I would like to start 'gpg-agent' at the same time, and possibly shut it down when I exit from KDE. Is there a way that I can do this without having to resort to manually starting gpg-agent prior to starting KDE? You can put 'gpg-agent ' into your ~/.xinitrc -- A man who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself. -- John Stuart Mill pgpl0vXHm6CVN.pgp Description: PGP signature
Re: Starting gpg-agent
On Sat, 28 Jan 2006 14:34:41 +0100, Felix 'buebo' Kakrow wrote: Gerard Seibert [EMAIL PROTECTED] wrote: I usually start KDE with the 'startx' command. I would like to start 'gpg-agent' at the same time, and possibly shut it down when I exit from KDE. Is there a way that I can do this without having to resort to manually starting gpg-agent prior to starting KDE? You can put 'gpg-agent ' into your ~/.xinitrc Is there any special format or just an entry like this: /usr/local/bin/gpg-agent --daemon placed before the 'startkde' statement? Thanks -- Gerard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Starting gpg-agent
On Saturday 28 January 2006 04:34, Felix 'buebo' Kakrow wrote: On Sat, 28 Jan 2006 08:19:44 -0500 Gerard Seibert [EMAIL PROTECTED] wrote: I usually start KDE with the 'startx' command. I would like to start 'gpg-agent' at the same time, and possibly shut it down when I exit from KDE. Is there a way that I can do this without having to resort to manually starting gpg-agent prior to starting KDE? You can put 'gpg-agent ' into your ~/.xinitrc Append the line use-agent to ~/.gnupg/gpg.conf without the quotes. Then add the following to ~/.xinitrc before startkde: eval $(gpg-agent --daemon --sh) Beech -- --- Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | Alaska Paradise Travel \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com --- pgp1z6Aj85eJQ.pgp Description: PGP signature
Re: Starting gpg-agent
On Sat, 28 Jan 2006 14:25:10 -0500 Gerard Seibert [EMAIL PROTECTED] wrote: Is there any special format or just an entry like this: /usr/local/bin/gpg-agent --daemon That should do it. The only thing to consider is that you have to terminate commands that stay in the foreground with a '' so that they are detached and the next item is run. Only the last command - 'startkde' in this case - shoud be in the foreground. When this terminates, the X session is over. Essentially '.xinitrc' and '.xsession' are just plain shell scripts and follow the syntax of your shell. -- This is the nineties, Bubba, and there is no such thing as paranoia. It's all true. -- Hunter S Thompson pgpHQJ8RaGXiU.pgp Description: PGP signature
gpg-agent help
I'm trying to get gpg-agent to work with mutt, with very little success. I start up the agent in ~/.xinitrc: eval `/usr/local/bin/gpg-agent --daemon -s` Have gnupg configured to use the agent in .gnupg/gpg.conf: use-agent And use what seems to be a pretty standard agent configuration: pinentry-program /usr/local/bin/pinentry-qt no-grab default-cache-ttl 1800 The problem is that GnuPG doesn't seem to want to actually /use/ the agent. When I try to sign something, pinentry-qt launches, I enter my passphrase, and the file is successfully signed. Every time. There's no passphrase caching (which is what gpg-agent does, correct?). The only thing that might be weird is that my signing key is actually a /secondary/ key, but I wouldn't have thought that would cause issues. gpg throws no errors. Nothing about gpg-agent not being available. It just plain doesn't seem to want to work for me, nor tell me why: % gpg -v -as test.txt gpg: using secondary key 9C22B029 instead of primary key C2889CC9 You need a passphrase to unlock the secret key for user: Damian Gerow [EMAIL PROTECTED] gpg: using secondary key 9C22B029 instead of primary key C2889CC9 1024-bit DSA key, ID 9C22B029, created 2004-04-10 (main key ID C2889CC9) gpg: writing to `test.txt.asc' gpg: DSA/SHA1 signature from: 9C22B029 Damian Gerow [EMAIL PROTECTED] % Any help? Please Cc: me, as I'm not on the list... - Damian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
gpg-agent problems...
Hello list, First off, please respond to me in a CC, as I'm not subscribed to this list. Secondly, I've set this up a few times now, and it's always just worked, but this time I've got errors. I'm trying to set up the pgp/MIME plugin. Everything is working fine, except I never get the pinentry-qt window. When I try to run the test, listed on http://kmail.kde.org/kmail-pgpmime-howto.html, I get the following: %echo test | gpg -ase -r 0x3290089C | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 gpg: problem with the agent - disabling agent use Enter passphrase: Never getting the window. I can't find why there is a problem with the agent. I don't see anything in the log files or anything, unless I'm looking in the wrong place. I'm running the following: %uname -a FreeBSD nomad.secure-computing.net 5.2.1-RELEASE-p5 FreeBSD 5.2.1-RELEASE-p5 #1: Fri Apr 23 09:16:19 CDT 2004 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/NOMAD i386 Kmail version: 1.6.1 using KDE 3.2.1. gpg version: gnupg ver 1.2.4 Please help. Thanks. Eric F Crist -- Illinois isn't exactly the land that God forgot -- it's more like the land He's trying to ignore. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gpg-agent problems...
On Thursday 20 May 2004 19:23, Eric Crist wrote: Hello list, First off, please respond to me in a CC, as I'm not subscribed to this list. Secondly, I've set this up a few times now, and it's always just worked, but this time I've got errors. I'm trying to set up the pgp/MIME plugin. Everything is working fine, except I never get the pinentry-qt window. When I try to run the test, listed on http://kmail.kde.org/kmail-pgpmime-howto.html, I get the following: %echo test | gpg -ase -r 0x3290089C | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 Does the window open when you use your default key? It's defined in ~/.gnupg/gpg.conf or whatever name you choosed for the config file. Try %echo test | gpg -ase -r 0x33114086 | gpg -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu pgpX05f9qR1go.pgp Description: signature
Re: gpg-agent problems...
On Thursday 20 May 2004 14:11, you wrote: On Thursday 20 May 2004 19:23, Eric Crist wrote: Hello list, First off, please respond to me in a CC, as I'm not subscribed to this list. Secondly, I've set this up a few times now, and it's always just worked, but this time I've got errors. I'm trying to set up the pgp/MIME plugin. Everything is working fine, except I never get the pinentry-qt window. When I try to run the test, listed on http://kmail.kde.org/kmail-pgpmime-howto.html, I get the following: %echo test | gpg -ase -r 0x3290089C | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 Does the window open when you use your default key? It's defined in ~/.gnupg/gpg.conf or whatever name you choosed for the config file. Try %echo test | gpg -ase -r 0x33114086 | gpg Well, that's basically the same thing I mentioned in my email, but here's the out put of that, and no windows popped open. %echo test | gpg -ase -r 0x33114086 | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 gpg: problem with the agent - disabling agent use Enter passphrase: -- Mosher's Law of Software Engineering: Don't worry if it doesn't work right. If everything did, you'd be out of a job. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: gpg-agent problems...
On Thursday 20 May 2004 21:22, Eric Crist wrote: On Thursday 20 May 2004 14:11, you wrote: On Thursday 20 May 2004 19:23, Eric Crist wrote: Hello list, First off, please respond to me in a CC, as I'm not subscribed to this list. Secondly, I've set this up a few times now, and it's always just worked, but this time I've got errors. I'm trying to set up the pgp/MIME plugin. Everything is working fine, except I never get the pinentry-qt window. When I try to run the test, listed on http://kmail.kde.org/kmail-pgpmime-howto.html, I get the following: %echo test | gpg -ase -r 0x3290089C | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 Does the window open when you use your default key? It's defined in ~/.gnupg/gpg.conf or whatever name you choosed for the config file. Try %echo test | gpg -ase -r 0x33114086 | gpg Well, that's basically the same thing I mentioned in my email, but here's the out put of that, and no windows popped open. %echo test | gpg -ase -r 0x33114086 | gpg You need a passphrase to unlock the secret key for user: Eric F Crist [EMAIL PROTECTED] 1024-bit DSA key, ID 33114086, created 2004-01-06 gpg: problem with the agent - disabling agent use Enter passphrase: Ok, then check your gpg-agent.conf file. You need to restart the gpg-agent if you add or change the gpg-agent.conf file. %cat ~/.gnupg/gpg-agent.conf pinentry-program /usr/local/bin/pinentry-qt no-grab default-cache-ttl 1800 If that doesn't work, you can give the gtk window a try. change the line pinentry-program /usr/local/bin/pinentry-qt in your gpg-agent.conf to pinentry-program /usr/local/bin/pinentry-gtk -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu pgpYzuTEcPM2V.pgp Description: signature
Re: gpg-agent problems...
One of you said something that go me thinking. I checked the value of GPG_AGENT_INFO, and noticed that it referenced an old instance of gpg-agent. I fixed this, now it works. Thanks! -- Aleph-null bottles of beer on the wall, Aleph-null bottles of beer, You take one down, and pass it around, Aleph-null bottles of beer on the wall. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
