Is there a way to get login to unlock my gpg keychain?

dave

26 Sep, 2012 04:11 PM

I'd rather have full SSO so I don't have to enter my
Environment:

Latest GPGTools release, MacOS Lion

  1. Support Staff 1 Posted by Steve on 01 Oct, 2012 11:56 PM

    Hey Dave,

    Sorry, I'm not sure I understand what you are trying to do. Please elaborate.

    Best :)
    steve

  2. 2 Posted by dave on 02 Oct, 2012 12:34 AM

    As a consequence of having logged into my system, I want to not have
    to supply my GPG passphrase when I use gpg. I have something like
    this with my SSH passphrase already; once I log in, I can ssh to
    anywhere my public key has been authorized without supplying a
    passphrase. If I use that SSH private key from a system where the
    ssh-agent isn't set up in this way, I do have to supply the
    passphrase. Can I do something like that for my GPG passphrase too?

    TIA,

  3. Support Staff 3 Posted by Luke Le on 02 Oct, 2012 12:45 AM

    Hi Dave, sure you can.

    First make sure you've installed the entire GPGTools suite.
    After that, open System Preferences -> GPGPreferences and check "Use Keychain to store passphrases"
    The next time you enter your password it's stored in the keychain and you won't be asked again unless you remove it manually.

    It's definitely comfortable but please be aware that it is also less secure.

    Hope that helps.

  4. Support Staff 4 Posted by Luke Le on 09 Oct, 2012 09:53 PM

    Closing due to inactivity.
    Please feel free to re-open.

  5. Luke Le closed this discussion on 09 Oct, 2012 09:53 PM.

  6. dave re-opened this discussion on 10 Oct, 2012 02:08 AM

  7. 5 Posted by dave on 10 Oct, 2012 02:08 AM

    Well, actually I have this set up already but there are several scenarios where the agent is deemed ineligible for some reason. In particular, when I invoke gpg through emacs, `M-x async-shell-command RET echo foo | gpg -s RET', I get:

    You need a passphrase to unlock the secret key for
    user: "David Abrahams (Principal, Boostpro Computing) [email blocked]"
    1024-bit DSA key, ID 4E7A5231, created 2008-08-05

    gpg: gpg-agent is not available in this session
    Enter passphrase:

  8. Support Staff 6 Posted by Luke Le on 10 Oct, 2012 06:55 AM

    Hi Dave,

    ah ok, that's a very different situation. I'll have to research that a little and will get back to you if I find a solution.
    Basically the problem is that your shell is not using the current Aqua session and I think there are parameters to fix that.

  9. 7 Posted by dave on 10 Oct, 2012 05:31 PM

    Thanks so much for looking into it!

  10. Support Staff 8 Posted by Luke Le on 10 Oct, 2012 08:51 PM

    Hi Dave,

    one thing, could you please check which version of gnupg you're using?
    If you're using any gpg2 version the agent should be started on demand.

  11. Support Staff 9 Posted by Luke Le on 02 Nov, 2012 08:52 AM

    Closing this discussion due to no further user feedback.

    Feel free to re-open or create a new discussion anytime.

  12. Luke Le closed this discussion on 02 Nov, 2012 08:52 AM.

  13. dave re-opened this discussion on 02 Nov, 2012 06:37 PM

  14. 10 Posted by dave on 02 Nov, 2012 06:37 PM

    Sorry, I missed your query. The agent is started on demand. It's just not working when invoked through emacs. I have GPGTools 0.9.2.

  15. Support Staff 11 Posted by Luke Le on 02 Nov, 2012 08:29 PM

    Hi Dave,

    so I'm not really good with emacs, but wanted to test what you're trying to do and it seems to work for me (see attachment.)

    I ran the command:

    shell-command echo Hi Dave | gpg --no-tty --clearsign -a
    

    The first time it asked me for my password. After that I typed my password once and chose to store it in OS X keychain.

    On the second attempt, it took it from the keychain and I was no longer asked for the password, so if I understood you correctly, that's exactly what you'd like to have, right?

  16. Support Staff 12 Posted by Steve on 13 Nov, 2012 11:36 AM

    No further user feedback. Closing.

    @Dave: Should your problem persist, feel free to re-open this discussion any time.

    All the best,
    steve

  17. Steve closed this discussion on 13 Nov, 2012 11:36 AM.

  18. dave re-opened this discussion on 02 Dec, 2012 11:04 PM

  19. 13 Posted by dave on 02 Dec, 2012 11:07 PM

    It's back, after I reinstalled my OS and GPGTools. :-(

    cube:~ dave% echo Hi Dave | gpg --no-tty --clearsign -a
    gpg: gpg-agent is not available in this session
    gpg: Sorry, no terminal at all requested - can't get input

  20. 14 Posted by dave on 03 Dec, 2012 01:21 AM

    Actually, this works fine if I invoke gpg2 instead of gpg. Any idea why?

  21. 15 Posted by dave on 03 Dec, 2012 01:27 AM

    Huh, apparently there was an old version of gpg in /usr/local/bin. It would be great if the installer would complain when it detects a collision like that.

  22. Support Staff 16 Posted by Luke Le on 05 Dec, 2012 02:27 PM

    Hi Dave,

    interesting indeed. We've been considering adding such a check lately and will probably integrate it in future versions.

    Since GPG 2.0.18 gpg itself starts the gpg-agent on demand. GPG1 wasn't capable of that.

    Glad to see your problems are solved!

    Closing this discussion. Feel free to open a new one anytime should you have questions or run into problems.

  23. Luke Le closed this discussion on 05 Dec, 2012 02:27 PM.
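
The collision that caused this thread's "gpg-agent is not available in this session" error can be checked for by hand. The script below is an added example, not GPGTools code and not from any poster in the thread: it walks a PATH string in lookup order, reports which `gpg` is active and which copies it shadows, and warns when the active one is GnuPG 1.x. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GPGTools.

# find_gpg_binaries PATH_STRING
# Prints "<path><TAB><version>" for every executable gpg/gpg2, in lookup order.
find_gpg_binaries() (
    set -f                          # do not glob-expand PATH entries
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        for name in gpg gpg2; do
            bin="$dir/$name"
            [ -f "$bin" ] && [ -x "$bin" ] || continue
            # The first line of --version looks like "gpg (GnuPG) 2.0.19"
            ver=$("$bin" --version 2>/dev/null |
                  sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p')
            printf '%s\t%s\n' "$bin" "${ver:-unknown}"
        done
    done
)

# gpg_shadow_report PATH_STRING
# Returns 1 when more than one "gpg" is reachable (a collision), else 0.
gpg_shadow_report() {
    find_gpg_binaries "$1" | awk -F'\t' '
        $1 ~ /\/gpg$/ {
            n++
            if (n == 1) { active = $2; print "active:   " $1 " (GnuPG " $2 ")" }
            else        { print "shadowed: " $1 " (GnuPG " $2 ")" }
        }
        $1 ~ /\/gpg2$/ { print "gpg2:     " $1 " (GnuPG " $2 ")" }
        END {
            if (active ~ /^1\./)
                print "warning: active gpg is GnuPG 1.x, which does not start gpg-agent on demand"
            if (n > 1) exit 1
        }'
}

# Usage: gpg_shadow_report "$PATH"
```

Run it with the PATH of the environment that fails (for example from inside the editor's shell command), since that PATH can differ from the one in a login terminal.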
