Gpg-agent is a program that runs in the background (a daemon) and stores GPG secret keys in memory. When a GPG process needs the key, it contacts the running gpg-agent program through a socket and requests the key. If the agent process has the key, it provides it to gpg. If it doesn't, it attempts to load the encrypted key from your keyring, and prompts you for the key's passphrase. Once the agent has obtained the decrypted key, it passes it to the gpg process. In addition to GPG keys, gpg-agent can similarly store SSH keys and provide them to SSH processes, like the ssh-agent program that comes with SSH.

The main point of using a key agent is so that you don't have to type your passphrase every single time you use your key. The agent keeps the key in memory from one time to the next. GPG itself can't do that because the process terminates once it's done its job.

Another thing that a key agent can do is allow GPG running on a remote machine to obtain keys from the local agent (which may load them from a local file and prompt for your passphrase). SSH has had agent forwarding for a very long time. Gpg-agent can't do this yet; it is a planned feature. (This is a reason not to use gpg-agent for SSH keys.)

GPG 1.x or 2.0.x knows that the agent is running because the GPG_AGENT_INFO variable is set. This variable contains the location of the socket to communicate with the agent as well as the process ID of the agent. GPG 2.1 always places the agent socket in ~/.gnupg. GPG 2.x always starts an agent process if one isn't running.
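As an added example (not code from the original post), the following POSIX shell script shows how a client would locate its agent under both schemes described above: parsing the GPG_AGENT_INFO variable of GnuPG 1.x/2.0 and checking that the socket and process it names still exist, or asking gpgconf for the fixed per-user socket of GnuPG 2.1+. The `socket:pid:version` field order, and the `gpgconf --list-dirs agent-socket` query, are assumptions; the sample value is constructed.

```shell
#!/bin/sh
# Inspect how gpg finds its agent.
# Assumption: GPG_AGENT_INFO is "<socket path>:<agent pid>:<protocol version>".

# Print "socket pid version" parsed from a GPG_AGENT_INFO value; fail if malformed.
parse_agent_info() {
  info=$1
  case $info in
    /*:*:*) ;;                # absolute socket path plus two colon-separated fields
    *) return 1 ;;
  esac
  sock=${info%%:*}
  rest=${info#*:}
  pid=${rest%%:*}
  ver=${rest#*:}
  case $pid in
    ''|*[!0-9]*) return 1 ;;  # the pid field must be numeric
  esac
  printf '%s %s %s\n' "$sock" "$pid" "$ver"
}

# Return 0 only if the agent named by a GPG_AGENT_INFO value looks alive:
# the socket still exists and the pid still runs. A leftover variable from a
# previous session (e.g. after a reboot) fails this check, so gpg would have
# to start a fresh agent rather than talk to a dead or unrelated socket.
agent_info_alive() {
  fields=$(parse_agent_info "$1") || return 1
  set -- $fields
  [ -S "$1" ] && kill -0 "$2" 2>/dev/null
}

# Locate the agent socket the way GnuPG 2.1+ does (gpgconf knows the fixed
# per-user location); fall back to GPG_AGENT_INFO for older setups.
agent_socket() {
  if command -v gpgconf >/dev/null 2>&1; then
    gpgconf --list-dirs agent-socket
  elif [ -n "$GPG_AGENT_INFO" ]; then
    parse_agent_info "$GPG_AGENT_INFO" | cut -d' ' -f1
  else
    return 1
  fi
}

# Demo with a constructed (not real) GPG_AGENT_INFO value.
SAMPLE='/tmp/gpg-abc123/S.gpg-agent:12345:1'
parse_agent_info "$SAMPLE"
agent_info_alive "$SAMPLE" && echo "agent alive" || echo "stale GPG_AGENT_INFO: $SAMPLE"
```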