GTK pinentry with gpg-agent as ssh-agent

GTK pinentry with gpg-agent as ssh-agent

GnuPG - User mailing list
Hi folks,

I started using my gpg key as my ssh key and I configured gpg-agent to manage my ssh keys as mentioned in the arch wiki article.
The problem is, it works well but my gpg-agent is now "linked" to the last terminal I opened, and I do not have the GTK Pinentry prompt.
It's very annoying as I use a lot of terminals, and some graphical software like Thunderbird will not trigger the GTK prompt to unlock my GPG key anymore. (Therefore hanging indefinitely in the hope of receiving access to my GPG private key, which they never access as I do not have any prompt to unlock it.)
I actually trigger a dummy unlocking of my GPG key on the last terminal I have open every time I know an application is going to need access to the key (which is really annoying).

So, is there a way to have BOTH gpg-agent managing ssh, and GTK pinentry prompts for unlocking keys?
If not, is there a way to export/convert a gpg private key into an ssh private key, so I can go back to classic ssh-agent? (And I will convert my GPG A private subkey to an SSH private key each time I rotate my subkeys) (this is not a big deal if I can automate it...)

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GTK pinentry with gpg-agent as ssh-agent

GnuPG - User mailing list


On Tue, 2021-03-02 at 10:35 +0000, Romain Lebrun Thauront via Gnupg-users wrote:

> Hi folks,
>
> I started using my gpg key as my ssh key and I configured gpg-agent to manage my ssh keys as mentioned in the arch wiki article.
> The problem is, it works well but my gpg-agent is now "linked" to the last terminal I opened, and I do not have the GTK Pinentry prompt.
> It's very annoying as I use a lot of terminals, and some graphical software like Thunderbird will not trigger the GTK prompt to unlock my GPG key anymore. (Therefore hanging indefinitely in the hope of receiving access to my GPG private key, which they never access as I do not have any prompt to unlock it.)
> I actually trigger a dummy unlocking of my GPG key on the last terminal I have open every time I know an application is going to need access to the key (which is really annoying).
>
> So, is there a way to have BOTH gpg-agent managing ssh, and GTK pinentry prompts for unlocking keys?
> If not, is there a way to export/convert a gpg private key into an ssh private key, so I can go back to classic ssh-agent? (And I will convert my GPG A private subkey to an SSH private key each time I rotate my subkeys) (this is not a big deal if I can automate it...)

Sounds like you don't have GPG_TTY set up correctly. Did you pass over this part
of the documentation? Adding this to your .bashrc (or equivalent) should allow
whichever terminal you're using to access the gpg-agent.

https://wiki.archlinux.org/index.php/GnuPG#Configure_pinentry_to_use_the_correct_TTY


Re: GTK pinentry with gpg-agent as ssh-agent

GnuPG - User mailing list
On Tue,  2 Mar 2021 10:35, Romain Lebrun Thauront said:

> So, is there a way to have BOTH gpg-agent managing ssh, and GTK
> pinentry prompts for unlocking keys ?

I have used this for more than a decade.  You have to use

  gpg-connect-agent updatestartuptty /bye

if you switch your xserver; that is, if you log in from another machine or
account in the xserver where gpg-agent has been started.  With gpg or
gpgsm this is not required because they can tell gpg-agent about their
own environment.  ssh is not able to do this.  I have posted patches to
the openssh portable list to enhance ssh-agent but they have not yet
been merged.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.


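The two replies combined into one shell-startup snippet, as an added example that is not part of the thread: it sets GPG_TTY, points ssh at gpg-agent's ssh socket, and runs updatestartuptty so the agent prompts in the session that is actually in use. The function name `gpg_ssh_env` is hypothetical, and the snippet assumes ssh support is already enabled in gpg-agent.

```shell
# Added example, not from the thread. gpg_ssh_env is a hypothetical helper
# meant for ~/.bashrc or an equivalent shell startup file.
# Assumption: gpg-agent already has ssh support enabled.
gpg_ssh_env() {
    # Nothing to configure if the GnuPG tools are missing.
    command -v gpgconf >/dev/null 2>&1 || return 1
    command -v gpg-connect-agent >/dev/null 2>&1 || return 1

    # GPG_TTY tells gpg and gpgsm which terminal a text pinentry may use.
    # tty exits non-zero when stdin is not a terminal; leave GPG_TTY alone then.
    if _gse_tty=$(tty 2>/dev/null); then
        GPG_TTY=$_gse_tty
        export GPG_TTY
    fi

    # Make ssh talk to gpg-agent's ssh socket instead of a classic ssh-agent.
    _gse_sock=$(gpgconf --list-dirs agent-ssh-socket) || return 1
    [ -n "$_gse_sock" ] || return 1
    SSH_AUTH_SOCK=$_gse_sock
    export SSH_AUTH_SOCK
    unset SSH_AGENT_PID

    # ssh cannot tell the agent about its own environment, so record this
    # session's TTY and DISPLAY in the agent. With DISPLAY set, a graphical
    # pinentry can open on this X server instead of an older terminal.
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || return 2
    return 0
}

# Run only in interactive shells, so scripts and cron jobs never
# re-point the agent at a terminal nobody is watching.
case $- in
    *i*) gpg_ssh_env ;;
esac
```

Because updatestartuptty records the environment of whichever shell ran it last, call `gpg_ssh_env` again by hand after switching to another login or X session before using ssh there.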