Gpg-agent on MacOSX

I had some trouble getting gpg-agent to work reliably on MacOSX, but found that adding the following to ~/.profile works like a charm:

# Script for ensuring only one instance of gpg-agent is running
# and if there is not one, start an instance of gpg-agent.
# The info file holds "socket:pid:protocol"; field 2 is the agent's PID.
if test -f "$HOME/.gpg-agent-info" && kill -0 "$(cut -d: -f 2 "$HOME/.gpg-agent-info")" 2>/dev/null; then
	# An agent is already running: reuse its saved environment.
	GPG_AGENT_INFO=$(cat "$HOME/.gpg-agent-info")
	SSH_AUTH_SOCK=$(cat "$HOME/.ssh-auth-sock")
	SSH_AGENT_PID=$(cat "$HOME/.ssh-agent-pid")
	export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
	# Start a new agent; its output sets and exports the variables.
	eval "$(gpg-agent --daemon)"
	echo "$GPG_AGENT_INFO" > "$HOME/.gpg-agent-info"
	echo "$SSH_AUTH_SOCK" > "$HOME/.ssh-auth-sock"
	echo "$SSH_AGENT_PID" > "$HOME/.ssh-agent-pid"
fi
# Imperative that this environment variable always reflects the output
# of the tty command.
GPG_TTY=$(tty)
export GPG_TTY

You’ll need to have the following in ~/.gnupg/gpg-agent.conf:

enable-ssh-support
use-standard-socket
pinentry-program /usr/local/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

The last line is only needed if you want a graphical password (or in my case, pin) dialog. I use pinentry-mac from the MacGPG2 project for this.
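
The kill -0 test in the ~/.profile snippet above only shows that some process with the saved PID exists, so a stale file left over from before a reboot can match an unrelated process. The following is an added example, not part of the original post: it parses the saved socket:pid:protocol line and accepts it only if the PID belongs to gpg-agent and the socket is owned by the current user. The function names agent_info_pid and agent_info_valid are hypothetical.

```shell
# Added example (not from the original post). Function names are hypothetical.

# Print the PID field of a "socket:pid:protocol" line.
# Fails if the file is unreadable, the socket field is empty,
# or the PID field is not purely numeric.
agent_info_pid() {
	[ -r "$1" ] || return 1
	# read returns non-zero on a missing trailing newline but still fills
	# the variables, so fall back to checking that something was parsed.
	IFS=: read -r _sock _pid _proto < "$1" || [ -n "$_sock" ] || return 1
	[ -n "$_sock" ] || return 1
	case "$_pid" in
		''|*[!0-9]*) return 1 ;;
	esac
	printf '%s\n' "$_pid"
}

# Succeed only if the saved PID is alive, its command name is gpg-agent,
# and the saved path is a socket owned by the current user.
agent_info_valid() {
	_pid=$(agent_info_pid "$1") || return 1
	IFS=: read -r _sock _rest < "$1" || :
	kill -0 "$_pid" 2>/dev/null || return 1
	# macOS prints the full path in comm, so match on the suffix.
	case "$(ps -p "$_pid" -o comm= 2>/dev/null)" in
		*gpg-agent*) ;;
		*) return 1 ;;
	esac
	[ -S "$_sock" ] && [ -O "$_sock" ]
}

# Usage in ~/.profile, replacing the "test -f ... && kill -0 ..." condition:
#   if agent_info_valid "$HOME/.gpg-agent-info"; then ...reuse... else ...start... fi
```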
