Gpg-agent on MacOSX

I had some trouble getting gpg-agent to work reliably on MacOSX, but found that adding the following to ~/.profile works like a charm:

# Script for ensuring only one instance of gpg-agent is running
# and if there is not one, start an instance of gpg-agent.
if test -f $HOME/.gpg-agent-info && kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
	GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info`
	SSH_AUTH_SOCK=`cat $HOME/.ssh-auth-sock`
	SSH_AGENT_PID=`cat $HOME/.ssh-agent-pid`
	export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
	eval `gpg-agent --daemon`
	echo $GPG_AGENT_INFO >$HOME/.gpg-agent-info
	echo $SSH_AUTH_SOCK > $HOME/.ssh-auth-sock
	echo $SSH_AGENT_PID > $HOME/.ssh-agent-pid
fi
# Imperative that this environment variable always reflects the output
# of the tty command.
GPG_TTY=`tty`
export GPG_TTY

You’ll need to have the following in ~/.gnupg/gpg-agent.conf:

enable-ssh-support
use-standard-socket
pinentry-program /usr/local/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

The last line is only needed if you want a graphical password (or in my case, pin) dialog. I use pinentry-mac from the MacGPG2 project for this.

Tags: , ,

This entry was posted on Monday, November 2nd, 2009 at 17:33. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


Comments are closed.

Kumina designs, builds, operates and supports Kubernetes solutions that help companies thrive online. As Certified Kubernetes Service Partner, we know how to build real solutions.

Learn more about us Get in touch