4

(kubuntu, but trying to remain platform independent in my approaches.)

Either of conceptual explanations or necessary steps are appreciated.

I'm reading through the documentation, and tried to get gpg-agent to work once, but am getting discouraged as each attempt will require a reboot, and I don't really understand how it works in the first place (just cutting and pasting code).

I want to use gpg-agent so that I can try out GNUS without entering passphrase on .authinfo.gpg every time I open GNUS.

I'd like to understand more about the process before I dig into the problem more.

  1. Is a gpg --gen-key necessary before using gpg-agent for .authinfo.gpg?
  2. Are the config lines mentioning SSH necessary for my minimal use of gpg?
  3. Is .authinfo.gpg to take position on some keychain? Does that keychain itself need a master key?

Please correct me on the imagined flow of the process. (Is an absent key needed?). I regret that it is very sparse.

  1. After boot, initialization turns on the gpg daemon, and other related settings are made.
  2. When GNUS accesses .authinfo.gpg, it caches something with gpg-agent.

Here are some more details I consider.

The following variables are set

GPG_AGENT_INFO    ${HOME}/.gpg-agent-info
GPG_TTY           $(TTY)

In ~/.gnupg/gpg.conf, we need to see use-agent. I leave the dummy #default-key ******** commented out, as I believe it's only needed if you have more than one key.

In ~/.gnupg/gpg-agent.conf, we need to see

pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 1800

(Though, pinentry-qt4 might be replaced with other present versions, such as pinentry-curses.)

There may be some redundancies, but I've also seen lines for I assume .bashrc, such as eval $(gpg-agent --daemon), or 

gpg-agent --daemon \
    --write-env-file "${HOME}/.gpg-agent-info"

(I've omitted lines regarding SSH, as I assume I don't need this for now.)

I've seen a troubleshooting command

echo "test" | gpg -ase -r 0xMYKEYID | gpg

but since I wasn't sure if I needed a key in the first place, I didn't go further with this.

Brady Trainor
  • 2,026
  • 20
  • 18
  • 1
    You're using a debian-based system. `gpg` is GnuPG version 1, which does not support using `gpg-agent`. Use `gpg2` instead. – Jens Erat Sep 13 '14 at 21:05
  • @JensErat, thank you, will step back through instructions starting at [GnuPG and EasyPG Assistant Configuration - Emacs auth-source Library](http://www.gnu.org/software/emacs/manual/html_node/auth/GnuPG-and-EasyPG-Assistant-Configuration.html), keeping this in mind. – Brady Trainor Sep 13 '14 at 23:13
  • @JensErat, brilliant! I played around a bit more, and eventually googled "emacs gpg2", and tried `(setq epg-gpg-program "/usr/bin/gpg2")`. It seems to work, thank you! – Brady Trainor Sep 14 '14 at 00:12
  • gpg and gpg-agent work fine here with a Debian setup. Specifically gpg and not gpg2. – RichieHH Oct 15 '14 at 09:59

1 Answers1

1

Here is my very amateur tutorial in reply to my own question.

To check if gpg-agent is already enabled, try 

ps aux | grep gpg

I find

iam@heeere:/e$ ps aux | grep gpg
iam       1490  0.0  0.0  16728   900 ?        Ss   17:25   0:00 gpg-agent --daemon --sh
iam       2611  0.0  0.0  11748   912 pts/0    S+   17:33   0:00 grep --color=auto gpg

This together with

(setq epg-gpg-program "/usr/bin/gpg2")

seemed to solve my problem. As Jens Erat pointed out, gpg-agent is associated with gpg2, not gpg.

In fact, I deleted all the modifications I had made from

GnuPG and EasyPG Assistant Configuration - Emacs auth-source Library,

and it still worked perfectly. That is, no eval $(gpg-agent --daemon), no gpg-agent.conf needed. Though, I may add some back, for instance default-cache-ttl. And while pinentry-curses looks appealing, I think greater minds than mine have struggled with preventing gpg-agent using pop-up from Emacs, so I'll leave that alone.

Brady Trainor
  • 2,026
  • 20
  • 18