Now that some of you are using GnuPG for the first time (at least I like to think you are), you have noticed that almost any action requires your passphrase. I'd like to introduce you to the GnuPG Agent, which is used for key management. Using an agent you can, among other things, enter your passphrase only once, the first time it is needed; on all subsequent actions the agent takes care of it. It is similar to what ssh-agent does with SSH keys.
GPG should use the agent whenever possible. Add to "~/.gnupg/gpg.conf":

```
# Passphrase agent
use-agent
```

Since you are editing config files you should prepare the agent one now, "~/.gnupg/gpg-agent.conf". The agent makes use of the pinentry package, which provides a collection of simple PIN and passphrase entry dialogs; you can choose between the ncurses, gtk and qt versions. Adjust the path of the environment file to your own home directory:

```
# Environment file
write-env-file /home/user/.gnupg/gpg-agent.info
# Cache settings
default-cache-ttl 3600
default-cache-ttl-ssh 3600
# PIN entry program
#pinentry-program /usr/bin/pinentry-curses
pinentry-program /usr/bin/pinentry-gtk-2
# SmartCard daemon
#scdaemon-program /usr/bin/scdaemon
disable-scdaemon
```

Two things worth knowing about these settings. "default-cache-ttl" (and its "-ssh" twin) is an idle timeout: the timer restarts every time the cached passphrase is used, so a key you use continuously stays unlocked indefinitely unless you also set "max-cache-ttl" and "max-cache-ttl-ssh", which put a hard upper bound on the lifetime of a cache entry. And "use-agent" plus "write-env-file" belong to GnuPG 2.0: from GnuPG 2.1 on, gpg always talks to the agent, starts it on demand, and keeps its sockets at fixed per-user paths ("gpgconf --list-dirs agent-ssh-socket" prints the SSH one), so the environment-file dance below is only needed on the older release.

Finally, start the agent together with your session, for example from "~/.xinitrc":

```sh
# Start the GnuPG agent and enable OpenSSH agent emulation
gnupginf="${HOME}/.gnupg/gpg-agent.info"
if pgrep -u "${USER}" gpg-agent >/dev/null; then
    # An agent is already running: load its environment from the info file
    # and export the variables so child processes (gpg, ssh) can find it.
    eval `cat "$gnupginf"`
    eval `cut -d= -f1 "$gnupginf" | xargs echo export`
else
    # No agent yet: start one; it prints the variables for us to evaluate.
    eval `gpg-agent --enable-ssh-support --daemon`
fi
```

That is all. You enter your passphrase once, the first time it is needed, and for the rest of the session (see the cache section in the manual page) you can work transparently. You will have noticed that I enabled SSH support. The previously mentioned ssh-agent does a similar thing for your SSH keys, but you can avoid running both, since the GPG agent has SSH emulation. If you are not using an SSH agent yet, now is a good time to start.
```
$ ssh-keygen -t rsa -b 4096
```

I don't need to tell you that you should pick a decent passphrase when prompted and never take the easy way out and leave it empty. Now you have two new files in your "~/.ssh" directory: "id_rsa" with your private key and "id_rsa.pub" with your public key. Copy your public key to the remote server with scp or ssh-copy-id (note that many servers are configured to look for the keys in files named "authorized_keys" or "authorized_keys2"; you can rename your "id_rsa.pub" file, create a symlink, or append its contents to an existing keys file). Keep "~/.ssh" and the keys file writable by you only: with its default "StrictModes yes", sshd silently ignores an authorized keys file that is group- or world-writable. When your key is on the server you can try to log in. As with GPG you are asked for your passphrase every time. This is where the agent comes in: if you use one you are asked for your passphrase only the first time, and all other logins are completely transparent.
```
$ ssh-add
```

...and your key is added. Unlike the plain ssh-agent, the GPG agent does not just hold the key in memory: ssh-add imports it into the agent's own key store ("~/.gnupg/private-keys-v1.d", listed in "~/.gnupg/sshcontrol"), so it is still known to the agent after a restart, and the agent then asks for the passphrase through pinentry. Your agent is now taking care of both GPG and SSH keys, making your life much easier.
Processes that do not inherit your session's environment (a crontab entry, for example) have no SSH_AUTH_SOCK, so you have to hand them the socket explicitly:

```
* * * * * SSH_AUTH_SOCK=`find /tmp/gpg-* -name S.gpg-agent.ssh` ssh ...
```

...or read the needed data from the agent information file (see the xinitrc example above).
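Both ways of handing the agent around that this post uses, eval'ing the gpg-agent.info file from .xinitrc and hunting for S.gpg-agent.ssh under /tmp, deserve a little hardening. The shell functions below are an added example, not code from the original post. `agent_env_exports` turns the info file into export lines for the three variables gpg-agent actually writes (GPG_AGENT_INFO, SSH_AUTH_SOCK, SSH_AGENT_PID) and refuses anything else, so the file's contents are never run as arbitrary shell; `find_agent_ssh_socket` prefers an already live SSH_AUTH_SOCK, then the info file, then a search under /tmp restricted to gpg-* directories owned by the current user (an unrestricted `find /tmp/gpg-*` also wanders into other users' agent directories and prints their permission errors). The function names, their arguments and the sample file contents are this example's own assumptions; the KEY=VALUE file format is what GnuPG 2.0's write-env-file produces.

```shell
#!/bin/sh
# Added example, not from the original post: reuse a running gpg-agent from any
# shell without eval'ing its environment file blindly. Assumes the GnuPG 2.0
# layout: write-env-file produces KEY=VALUE lines and the SSH socket lives at
# /tmp/gpg-*/S.gpg-agent.ssh. Function names and arguments are this example's own.

# Emit "export KEY='VALUE'" for the variables gpg-agent writes and nothing else.
# Any other variable, or a value with characters outside a path-safe set, makes
# the whole file fail: what we print is later fed to eval, so the file must
# never be trusted as shell code.
agent_env_exports() {
    envfile="$1"
    [ -r "$envfile" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '') continue ;;                                    # skip blank lines
            GPG_AGENT_INFO=*|SSH_AUTH_SOCK=*|SSH_AGENT_PID=*) ;; # the three known keys
            *) return 1 ;;                                     # anything else: reject
        esac
        key="${line%%=*}"
        value="${line#*=}"
        case "$value" in
            *[!A-Za-z0-9_./:-]*) return 1 ;;                   # no quotes, spaces, ';', '$'
        esac
        printf "export %s='%s'\n" "$key" "$value"
    done < "$envfile"
}

# Print the agent's SSH socket path for the current user, trying in order:
#  1. an already exported SSH_AUTH_SOCK that is a live socket,
#  2. the SSH_AUTH_SOCK recorded in the env file ($1, default ~/.gnupg/gpg-agent.info),
#  3. S.gpg-agent.ssh inside gpg-* directories under $2 (default /tmp) that we own.
# Returns non-zero if none is found.
find_agent_ssh_socket() {
    envfile="${1:-$HOME/.gnupg/gpg-agent.info}"
    searchdir="${2:-/tmp}"
    if [ -n "$SSH_AUTH_SOCK" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        printf '%s\n' "$SSH_AUTH_SOCK"
        return 0
    fi
    if exports=$(agent_env_exports "$envfile"); then
        sock=$(printf '%s\n' "$exports" | sed -n "s/^export SSH_AUTH_SOCK='\(.*\)'\$/\1/p")
        if [ -n "$sock" ] && [ -S "$sock" ]; then
            printf '%s\n' "$sock"
            return 0
        fi
    fi
    sock=$(find "$searchdir"/gpg-*/ -maxdepth 1 -user "$(id -un)" -type s \
                -name S.gpg-agent.ssh 2>/dev/null | head -n 1)
    [ -n "$sock" ] && printf '%s\n' "$sock"
}

# Usage from ~/.xinitrc, a login shell or a cron job: adopt the agent, then let
# ssh-add -l confirm the socket answers. ssh-add exits 0 when it lists keys,
# 1 when the agent is reachable but empty, 2 when it cannot contact the agent.
use_gpg_agent_for_ssh() {
    sock=$(find_agent_ssh_socket "$@") || return 1
    SSH_AUTH_SOCK="$sock"
    export SSH_AUTH_SOCK
    ssh-add -l >/dev/null 2>&1 || [ $? -eq 1 ]
}
```

Sourcing the file and calling `use_gpg_agent_for_ssh` replaces the two `eval` lines in the xinitrc snippet above with a checked import; the `ssh-add -l` probe is the cheap way to tell a stale socket file left behind by a dead agent from a working one.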