Problems loading an authentication key from a USB Crypto-Stick

Todd A. Jacobs codegnome.consulting+gnupg.org at gmail.com
Sun Feb 26 17:50:15 CET 2012


On Sat, Feb 25, 2012 at 8:43 AM, Todd A. Jacobs wrote:


> eval `keychain --eval --agents gpg,ssh id_rsa BCB6C8D4`
>

With keychain 2.6.8 (and possibly others) the agents won't start properly
if actually specified, so taking out the agents option actually allows
gpg-agent to start, while also handling the ssh-agent keys. One also needs
to add the --quick option to avoid being prompted for the gpg key's
passwords each time. So:

eval `keychain --quick --ignore-missing --eval id_rsa BCB6C8D4`

*mostly* works, but the gpg-agent is still not being consulted for signing.
Even if one kills all agents and the scdaemon, and uses "eval $(gpg-agent
--daemon)" instead, the agent refuses to consult the cache when signing.

$ gpg-agent --version
gpg-agent (GnuPG) 2.0.17
libgcrypt 1.5.0

$ echo $GPG_AGENT_INFO
/home/fubar/.gnupg/S.gpg-agent:926:1

# Prompts twice for password to clearsign.
echo foo | gpg --clearsign; echo foo | gpg --clearsign

So, the keychain problem seems to be resolved, in that gpg-agent is now
reading the SSH authentication key off the CryptoStick and handing it off
to ssh-agent, but gpg-agent is still not caching passphrases for signing
activities, which seems rather critical to its usefulness. :)

What else can I do to help debug this?
