Re: gpg finds no secret key when logging remotely after upgrade to stretch

2017-07-11 Thread deloptes
Ricardo Yanez wrote:

> Is there a way to instruct gpg to request the passphrase in the
> old-fashioned way, in the terminal, when logged-in remotely via SSH?

I did something similar recently to be able to build and sign packages
automatically in chroot, but it can be useful to you as well. I don't
recall the source where I got some of the commands, but here are my notes
on the subject:

gpg agent

edit ~/.gnupg/gpg.conf, and add a line use-agent

edit ~/.gnupg/gpg-agent.conf 
>>> start
pinentry-program /usr/bin/pinentry
no-grab
default-cache-ttl 86400


###+++--- GPGConf ---+++###
verbose
allow-mark-trusted
debug-level basic
log-file socket:///home/user/.gnupg/log-socket
###+++--- GPGConf ---+++###  7.06.2005 () 13,30,15 CEST
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
> end

Then, restart your session, and you should have gpg-agent running and the
environment variable $GPG_AGENT_INFO set.

or

gpg-agent --daemon
gpg-connect-agent reloadagent /bye
eval $(gpg-agent)





Re: gpg finds no secret key when logging remotely after upgrade to stretch

2017-07-11 Thread Teemu Likonen
Ricardo Yanez [2017-07-11 11:00:42-07] wrote:

> Is there a way to instruct gpg to request the passphrase in the
> old-fashioned way, in the terminal, when logged-in remotely via SSH?

It's possible with gpg's option "--pinentry-mode loopback". It's still
technically the "new" way: secret key operations are handled entirely by
gpg-agent which calls pinentry for passphrase. But with "loopback" the
pinentry is somehow routed back to the caller program (gpg).

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
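
An added example, not part of any message in this thread: a small POSIX shell wrapper that applies the "--pinentry-mode loopback" option only when the shell was started over SSH. The function names are hypothetical; it assumes GnuPG 2.1.12 or later (where gpg-agent accepts loopback unless gpg-agent.conf sets no-allow-loopback-pinentry) and an OpenSSH server, which exports SSH_CONNECTION and SSH_TTY.

```shell
#!/bin/sh
# Added example: choose gpg options per session type.
# All function names are hypothetical, not part of GnuPG.

# Succeeds when the shell was started through sshd, which exports
# SSH_CONNECTION (and SSH_TTY when a terminal was allocated).
is_ssh_session() {
    [ -n "${SSH_CONNECTION:-}" ] || [ -n "${SSH_TTY:-}" ]
}

# Fails when the given gpg-agent.conf forbids loopback pinentry.
# Assumption: GnuPG >= 2.1.12, where loopback is allowed by default.
agent_allows_loopback() {
    conf=${1:-${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf}
    [ -f "$conf" ] || return 0
    ! grep -Eq '^[[:space:]]*no-allow-loopback-pinentry([[:space:]]|$)' "$conf"
}

# Prints the extra gpg options for this session, one per line.
# Local session: nothing, the agent's normal pinentry is used.
# SSH session: loopback, so gpg itself asks on the SSH terminal.
gpg_session_opts() {
    is_ssh_session || return 0
    if agent_allows_loopback "$@"; then
        printf '%s\n' '--pinentry-mode' 'loopback'
    else
        echo 'gpg-agent.conf sets no-allow-loopback-pinentry' >&2
        return 1
    fi
}

# Wrapper around gpg, e.g.:  gpg_here --decrypt file.gpg
gpg_here() {
    opts=$(gpg_session_opts) || return 1
    # Unquoted on purpose: the option list must split into separate words.
    gpg $opts "$@"
}
```
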




gpg finds no secret key when logging remotely after upgrade to stretch

2017-07-11 Thread Ricardo Yanez
My gpg key works just fine in a gnome-terminal when I'm logged in via
the gnome display manager. New in stretch is that gnome now pops a
window for me to give the passphrase, which is really nice, but not so
good if I'm remotely logged-in via SSH. Then I get the disturbing error,

 gpg: public key decryption failed: Operation cancelled
 gpg: decryption failed: No secret key

It turns out, when I'm still logged-in via the display manager, the
passphrase prompt pops up locally. I have to force-logout gnome and kill
gpg-agent to be able to run gpg remotely, and even so, the gpg-agent
pops a sort of text window. It seems the terminal emulator cannot tell
the difference.

Is there a way to instruct gpg to request the passphrase in the
old-fashioned way, in the terminal, when logged-in remotely via SSH?

Thanks,
Ricardo