arch/pkg/de-p1st-gnupg
2021-06-15 00:28:52 +02:00
99_gnupg.sh gnupg and smartcard packages 2021-04-29 14:24:57 +02:00
generate-gpg-conf.sh gnupg: work in progress 2021-04-29 12:09:36 +02:00
GnuPG_MiniHowto_ger_20200215.pdf add GnuPG MiniHowto 2021-05-31 17:32:20 +02:00
gpg-agent.conf fix 2021-06-15 00:28:52 +02:00
PKGBUILD fix 2021-06-15 00:28:52 +02:00
README.md fix 2021-06-15 00:28:52 +02:00

gnupg

TODO:

  • Currently using a graphical pinentry; this means depending on X11/Wayland
    • could this be done with holo?
    • default to a terminal pinentry
    • de-p1st-gnupg-x11 then changes the /etc/skel files to use the graphical pinentry

GnuPG German mini HowTo: GnuPG_MiniHowto_ger_20200215.pdf (in this directory)

One can use /etc/gnupg/gpgconf.conf to configure gpg and gpg-agent. However, not all options are available there; the options gpgconf can manage for each component are listed with:

gpgconf --list-options gpg
gpgconf --list-options gpg-agent
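To decide whether an option belongs in gpgconf.conf or has to go directly into gpg-agent.conf, look the name up in that listing. The following is an added example, not part of the de-p1st-gnupg package: a small POSIX sh parser for the colon-separated records gpgconf prints, run here against a constructed sample instead of a live GnuPG installation (the record layout and the group flag are GnuPG's; the sample lines and the name not-a-real-option are made up for the demo).

```shell
#!/bin/sh
# Added example, not part of the de-p1st-gnupg package: check whether an
# option can be managed through gpgconf at all by looking it up in the
# output of `gpgconf --list-options <component>`.
#
# gpgconf prints one colon-separated record per option:
#   name:flags:level:description:type:alt-type:argname:default:argdef:value
# A record whose flags field has bit 0 set is a section header, not an option.

# option_listed NAME
# Reads a gpgconf option listing on stdin. Returns 0 if NAME is a real
# (non-group) option in that listing, 1 otherwise.
option_listed() {
    name=$1
    while IFS=: read -r opt flags _rest; do
        [ -n "$opt" ] || continue
        # Treat a missing or non-numeric flags field as 0 (plain option).
        case $flags in
            ''|*[!0-9]*) flags=0 ;;
        esac
        # Skip section headers (GC_OPT_FLAG_GROUP is bit 0 of the flags).
        if [ $(( flags & 1 )) -eq 1 ]; then
            continue
        fi
        [ "$opt" = "$name" ] && return 0
    done
    return 1
}

# Constructed sample in the shape of `gpgconf --list-options gpg-agent`
# output (the real listing is longer and comes from the installed GnuPG).
SAMPLE_AGENT_LISTING='Monitor:1:0:Options controlling the diagnostic output::::::
verbose:0:0:verbose:0:0::::
quiet:0:0:be somewhat more quiet:0:0::::
Configuration:1:0:Options controlling the configuration::::::
enable-ssh-support:0:0:enable ssh support:0:0::::
pinentry-program:0:0:use PGM as the PIN-Entry program:1:1:PGM:::'

# Stand-alone demo on the constructed sample. Against a real system use:
#   gpgconf --list-options gpg-agent | option_listed enable-ssh-support
for opt in enable-ssh-support pinentry-program not-a-real-option; do
    if printf '%s\n' "$SAMPLE_AGENT_LISTING" | option_listed "$opt"; then
        echo "$opt: can be set via gpgconf"
    else
        echo "$opt: not listed, set it directly in gpg-agent.conf"
    fi
done
```

Section headers such as "Monitor" are filtered out on purpose: they share the record format but are not options, so matching on the first field alone would give false positives.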

Using a smartcard:

Note about login shell:

/etc/profile: This file should be sourced by all POSIX sh-compatible shells upon login. It sets up $PATH and other environment variables and application-specific settings (/etc/profile.d/*.sh).

gpg.conf

Location: ~/.gnupg/gpg.conf

gpg-agent.conf

Location: ~/.gnupg/gpg-agent.conf

# List pinentries: pacman -Ql pinentry | grep /usr/bin/
# If a graphical application shall use one's smartcard, one needs to specify a graphical pinentry program.
pinentry-program /usr/bin/pinentry-gnome3

# Enable ssh to use a smartcard for authentication.
enable-ssh-support

Debug options:

debug-pinentry
debug ipc
verbose
log-file /home/__USER__/.gnupg/logfile.log

gnupg depends on pinentry, and pinentry-gnome3 is part of the pinentry package:

$ pacman -F /usr/bin/pinentry-gnome3
usr/bin/pinentry-gnome3 is owned by core/pinentry 1.1.1-1

Graphical Login: /etc/profile.d/*.sh, bashrc, .zshrc.local

One's login shell should run this:

GPG_TTY=$(tty)
export GPG_TTY
gpg-connect-agent updatestartuptty /bye >/dev/null

SSH_AUTH_SOCK: /etc/profile.d/*.sh, bashrc, .zshrc.local

One's login shell should run the following.

Note: /etc/profile.d/99_gnupg.sh does not work! TODO: maybe it was just a wrong permission?

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
  export SSH_AUTH_SOCK
fi
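The two login-shell snippets above (GPG_TTY for the pinentry, SSH_AUTH_SOCK for gpg-agent's ssh socket) combined into one sourceable function, as an added example that is not the package's 99_gnupg.sh or any other file from de-p1st-gnupg. It uses only the gpgconf and gpg-connect-agent commands already shown in this README; the function name, the return codes, and the guards for a missing gpgconf or a missing terminal are additions.

```shell
#!/bin/sh
# Added example, not the package's own file: a sourceable snippet combining
# the two login-shell steps from this README, with guards so it is harmless
# on machines without GnuPG or in shells without a controlling terminal.

# gnupg_shell_setup: point the current shell at gpg-agent.
# Returns 0 if the agent's ssh socket was exported, 1 if gpgconf is not
# installed, 2 if gpg-agent launched this shell itself (socket already set).
gnupg_shell_setup() {
    # Nothing to do when GnuPG is not installed.
    command -v gpgconf >/dev/null 2>&1 || return 1

    # Tell gpg-agent which terminal a text pinentry should use. `tty` fails
    # when there is no controlling terminal (cron, ssh -T), so do not export
    # a bogus value in that case.
    if _gpg_tty=$(tty 2>/dev/null); then
        GPG_TTY=$_gpg_tty
        export GPG_TTY
        # Ignore failure: the agent is started on demand later if not running.
        gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || true
    fi
    unset _gpg_tty

    # A stale ssh-agent PID would make ssh talk to the wrong agent.
    unset SSH_AGENT_PID

    # When gpg-agent started this shell itself it sets gnupg_SSH_AUTH_SOCK_by
    # to this shell's pid and SSH_AUTH_SOCK is already correct; leave it alone.
    if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -eq "$$" ]; then
        return 2
    fi

    SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    export SSH_AUTH_SOCK
    return 0
}

# When sourced from ~/.bashrc or ~/.zshrc.local, run it once per shell.
# The `|| :` keeps a missing gpgconf from aborting a shell that uses set -e.
gnupg_shell_setup || :
```

The socket path is always taken from gpgconf rather than hard-coded, so the snippet keeps working when the runtime directory (and therefore the socket location) differs between users or sessions.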