Posts Tagged ‘gpg-agent’

Installing the Cryptostick in Ubuntu 11.04

Tuesday, July 5th, 2011

As you probably know by now, we have our SSH and PGP keys on a CryptoStick. Getting it to work used to be somewhat harder than it is now, so without further ado, here is the (almost) foolproof way to get SSH and PGP working with the CryptoStick in Ubuntu:

  1. sudo apt-get install gpgsm libccid gnupg-agent
  2. Go to System > Preferences > Startup Applications and disable “SSH Key Agent”, “Secret Storage Service” and “Certificate and Key Storage” (disabling only the SSH Key Agent might be enough, but this is untested)
  3. Run gpg --card-edit and enter fetch at the gpg/card> prompt to import your card's public keys. Alternatively, set up your CryptoStick at this stage
  4. echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
  5. Log out and back in
  6. DONE!

You should now see a pinentry program when SSH’ing or signing a message.
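
A way to confirm the result of steps 2 and 4, plus an idempotent form of step 4, as an added example that is not from the original post. The function names are hypothetical, and the socket path patterns (S.gpg-agent.ssh for gpg-agent, keyring*/ssh for GNOME Keyring) are assumptions about the usual defaults.

```shell
#!/bin/sh
# Added example: checks for the gpg-agent SSH setup described above.
# Function names are hypothetical; socket path patterns are assumed defaults.

# Succeeds if FILE has an active (uncommented) enable-ssh-support line.
conf_has_ssh_support() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# Idempotent form of step 4: append the option only when it is missing,
# so re-running the setup does not stack duplicate lines.
ensure_ssh_support() {
    if conf_has_ssh_support "$1"; then return 0; fi
    # If the last line lacks a newline, add one so the option is not glued to it.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    echo "enable-ssh-support" >> "$1"
}

# Name the agent that owns an SSH_AUTH_SOCK path, judging by the path alone.
classify_auth_sock() {
    case "$1" in
        "")                echo "unset" ;;
        */S.gpg-agent.ssh) echo "gpg-agent" ;;
        */keyring*/ssh)    echo "gnome-keyring" ;;
        *)                 echo "other" ;;
    esac
}

# Read-only report on the current session; it changes nothing.
report() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    if conf_has_ssh_support "$conf"; then
        echo "ok:   enable-ssh-support is set in $conf"
    else
        echo "FAIL: enable-ssh-support is missing from $conf"
    fi
    owner=$(classify_auth_sock "${SSH_AUTH_SOCK:-}")
    echo "info: SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-<unset>} ($owner)"
    if [ "$owner" != "gpg-agent" ]; then
        echo "FAIL: SSH_AUTH_SOCK does not look like gpg-agent's socket"
    fi
    return 0
}

report
```

If the report names gnome-keyring after logging back in, the GNOME SSH Key Agent from step 2 is still claiming the socket. Once it names gpg-agent, ssh-add -L should list the card's authentication key.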

Gpg-agent on MacOSX

Monday, November 2nd, 2009

I had some trouble getting gpg-agent to work reliably on MacOSX, but found that adding the following to ~/.profile works like a charm:

# Script for ensuring only one instance of gpg-agent is running
# and if there is not one, start an instance of gpg-agent.
if test -f "$HOME/.gpg-agent-info" && kill -0 "$(cut -d: -f 2 "$HOME/.gpg-agent-info")" 2>/dev/null; then
	# An agent is already running: reuse its recorded environment.
	GPG_AGENT_INFO=$(cat "$HOME/.gpg-agent-info")
	SSH_AUTH_SOCK=$(cat "$HOME/.ssh-auth-sock")
	SSH_AGENT_PID=$(cat "$HOME/.ssh-agent-pid")
	export GPG_AGENT_INFO SSH_AUTH_SOCK SSH_AGENT_PID
else
	# No live agent: start one and record its environment for later shells.
	eval "$(gpg-agent --daemon)"
	echo "$GPG_AGENT_INFO" > "$HOME/.gpg-agent-info"
	echo "$SSH_AUTH_SOCK" > "$HOME/.ssh-auth-sock"
	echo "$SSH_AGENT_PID" > "$HOME/.ssh-agent-pid"
fi
# Imperative that this environment variable always reflects the output
# of the tty command.
GPG_TTY=$(tty)
export GPG_TTY

You’ll need to have the following in ~/.gnupg/gpg-agent.conf:

enable-ssh-support
use-standard-socket
pinentry-program /usr/local/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

The last line is only needed if you want a graphical password (or in my case, pin) dialog. I use pinentry-mac from the MacGPG2 project for this.