[pkg-gnupg-maint] Bug#787313: Bug#787313: Bug#787313: Systemd user unit for gnupg-agent
Werner Koch
wk at gnupg.org
Wed Jun 3 08:03:42 UTC 2015
On Wed, 3 Jun 2015 08:05, gniibe at fsij.org said:

> Thank you. I think it makes sense.

I don't think so. GnuPG uses a locking mechanism to avoid that several
instances of gpg and friends start gpg-agent. Thus watching the socket
file and starting gpg-agent on a connect attempt won't work too well.

> While it would be easier for GnuPG-only users to invoke gpg-agent by
> gpg (and its friends), there are users who use SSH under gpg-agent as
> well.

The preferred way to start gpg-agent in this case is

  gpgconf --launch gpg-agent

for 2.1 or

  gpg-connect-agent /bye

for 2.0 (works also with 2.1). It would be even better if ssh or that
systemd stuff starts gpg-agent this way at the first attempt of ssh to
use an ssh-agent. But that requires a change to ssh because ssh does
not use a fixed socket name.

>> Description=GNU privacy guard password agent
>                                ^^^^^^^^
>
> This is not accurate description, today. In modern GnuPG, gpg-agent
> basically handles operations for secret keys.

Actually since 1.9 (in 2003) where this has always been required by
GnuPG's CMS/X.509 (aka S/MIME) part.

Shalom-Salam,

   Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
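
The following is an added example, not part of the original message and not code from the GnuPG project: a login-script helper that starts the agent with the command the message names for the installed version, rather than relying on socket activation. The function names are hypothetical, the sample version strings are constructed, and treating releases after 2.1 like 2.1 is an assumption.

```shell
#!/bin/sh
# Added example: pick the agent start command by GnuPG version.

# Extract "X.Y.Z" from the first line of `gpg-agent --version` output,
# which has the form "gpg-agent (GnuPG) 2.1.4".
parse_gnupg_version() {
    printf '%s\n' "$1" | sed -n '1s/^.*(GnuPG) \([0-9][0-9.]*\).*$/\1/p'
}

# Print the start command for version $1. Returns 1 when the version is
# unparsable or older than 2.0, which the message does not cover.
agent_launch_cmd() {
    case $1 in *.*) ;; *) return 1 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    # Assumption: releases after 2.1 keep `gpgconf --launch`.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo 'gpgconf --launch gpg-agent'
    elif [ "$major" -eq 2 ]; then
        echo 'gpg-connect-agent /bye'
    else
        return 1
    fi
}

# Start the agent once, explicitly, so GnuPG's own locking decides
# whether a new instance is needed.
start_gpg_agent() {
    out=$(gpg-agent --version 2>/dev/null) || return 1
    ver=$(parse_gnupg_version "$out")
    cmd=$(agent_launch_cmd "$ver") || return 1
    # Unquoted on purpose: $cmd is one of the fixed strings above and
    # must be split into a program name and its arguments.
    $cmd
}
```

Call `start_gpg_agent` from a session start script; the two helper functions have no side effects and can be checked without GnuPG installed.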