tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/2063-is-there-a-way-to-get-login-to-unlock-my-gpg-keychainGPGTools: Discussion 2012-12-05T14:28:00Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-09-26T16:11:51Z2012-12-02T23:03:53ZIs there a way to get login to unlock my gpg keychain?<div><p>I'd rather have full SSO so I don't have to enter my<br>
<strong>Environment:</strong></p>
<p>Latest GPGTools release, MacOS Lion</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-01T23:56:35Z2012-10-01T23:56:35ZIs there a way to get login to unlock my gpg keychain?<div><p>Hey Dave,</p>
<p>sorry I'm not sure, I understand what you are trying to do.
Please elaborate.</p>
<p>Best :)<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-02T00:34:23Z2012-12-02T23:03:53ZIs there a way to get login to unlock my gpg keychain?<div><p>As a consequence of having logged into my system, I want to not
have<br>
to supply my GPG passphrase when I use gpg. I have something
like<br>
this with my SSH passphrase already; once I log in, I can ssh
to<br>
anywhere my public key has been authorized without supplying a<br>
passphrase. If I use that SSH private key from a system where
the<br>
ssh-agent isn't set up in this way, I do have to supply the<br>
passphrase. Can I do something like that for my GPG passphrase
too?</p>
<p>TIA,</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-02T00:45:40Z2012-10-02T00:45:40ZIs there a way to get login to unlock my gpg keychain?<div><p>Hi Dave, sure you can.</p>
<p>First make sure you've installed the entire GPGTools suite.<br>
After that, open System Preferences -> GPGPreferences and check
"Use Keychain to store passphrases"<br>
The next time you enter your password it's stored in the keychain
and you won't be asked again unless you remove it manually.</p>
<p>It's definitely comfortable but please be aware that it is also
less secure.</p>
<p>Hope that helps.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-09T21:53:07Z2012-10-09T21:53:07ZIs there a way to get login to unlock my gpg keychain?<div><p>Closing due to inactivity.<br>
Please feel free to re-open.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-10T02:08:00Z2012-12-02T23:03:53ZIs there a way to get login to unlock my gpg keychain?<div><p>Well, actually I have this set up already but there are several
scenarios where the agent is deemed ineligible for some reason. In
particular, when I invoke gpg through emacs, `M-x
async-shell-command RET echo foo | gpg -s RET', I get:</p>
<p>You need a passphrase to unlock the secret key for<br>
user: "David Abrahams (Principal, Boostpro Computing)
<a>dave@boostpro.com</a>"<br>
1024-bit DSA key, ID 4E7A5231, created 2008-08-05</p>
<p>gpg: gpg-agent is not available in this session<br>
Enter passphrase:</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-10T06:55:28Z2012-10-10T06:55:28ZIs there a way to get login to unlock my gpg keychain?<div><p>Hi Dave,</p>
<p>ah ok, that's a very different situation. I'll have to research
that a little and will get back to you if I find a solution.<br>
Basically the problem is that your shell is not using the current
Aqua session and I think there are parameters to fix that.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-10T17:31:30Z2012-12-02T23:03:54ZIs there a way to get login to unlock my gpg keychain?<div><p>Thanks so much for looking into it!</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-10-10T20:51:49Z2012-10-10T20:51:49ZIs there a way to get login to unlock my gpg keychain?<div><p>Hi Dave,</p>
<p>one thing, could you please check which version of gnupg you're
using?<br>
If you're using any gpg2 version the agent should be started on
demand.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-11-02T08:52:29Z2012-11-02T08:52:29ZIs there a way to get login to unlock my gpg keychain?<div><p>Closing this discussion due to no further user feedback.</p>
<p>Feel free to re-open or create a new discussion anytime.</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-11-02T18:37:35Z2012-12-02T23:03:54ZIs there a way to get login to unlock my gpg keychain?<div><p>Sorry, I missed your query. The agent <em>is</em> started on
demand. It's just not working when invoked through emacs. I have
GPGTools 0.9.2</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-11-02T20:29:19Z2012-11-02T20:29:19ZIs there a way to get login to unlock my gpg keychain?<div><p>Hi Dave,</p>
<p>so I'm not really good with emacs, but wanted to test what
you're trying to do and it seems to work for me (see
attachment.)</p>
<p>I ran the command:</p>
<pre>
<code>shell-command echo Hi Dave | gpg --no-tty --clearsign -a</code>
</pre>
<p>the first time it asked me for my password. After that I typed
my password once and chose to store it in OS X keychain.</p>
<p>On the second attempt, it took it from the keychain and I was no
longer asked for the password, so if I understood you correctly,
that's exactly what you'd like to have, right?</p></div>Luke Letag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-11-13T11:36:36Z2012-11-13T11:36:36ZIs there a way to get login to unlock my gpg keychain?<div><p>No further user feedback. Closing.</p>
<p>@Dave: Should your problem persist, feel free to re-open this
discussion any time.</p>
<p>All the best,<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-12-02T23:07:19Z2012-12-02T23:07:19ZIs there a way to get login to unlock my gpg keychain?<div><p>It's back, after I reinstalled my OS and GPGTools. :-(</p>
<p>cube:~ dave% echo Hi Dave | gpg --no-tty --clearsign -a<br>
gpg: gpg-agent is not available in this session<br>
gpg: Sorry, no terminal at all requested - can't get input</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-12-03T01:21:16Z2012-12-03T01:21:17ZIs there a way to get login to unlock my gpg keychain?<div><p>Actually, this works fine if I invoke gpg2 instead of gpg. Any
idea why?</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-12-03T01:27:46Z2012-12-03T01:27:47ZIs there a way to get login to unlock my gpg keychain?<div><p>Huh, apparently there was an old version of gpg in
/usr/local/bin. It would be great if the installer would complain
when it detects a collision like that</p></div>davetag:gpgtools.tenderapp.com,2011-11-04:Comment/190681392012-12-05T14:27:57Z2012-12-05T14:27:57ZIs there a way to get login to unlock my gpg keychain?<div><p>Hi Dave,</p>
<p>interesting indeed. We've been considering adding such a check
lately and will probably integrate it in future versions.</p>
<p>Since GPG 2.0.18 gpg itself starts the gpg-agent on demand. GPG1
wasn't capable of that.</p>
<p>Glad to see your problems are solved!</p>
<p>Closing this discussion. Feel free to open a new one anytime
should you have questions or run into problems.</p></div>Luke Le