
2 Invoking GPG-AGENT

gpg-agent is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities.

The usual way to run the agent is from the ~/.xsession file:

eval $(gpg-agent --daemon)

If you don’t use an X server, you can also put this into your regular startup file ~/.profile or .bash_profile. It is best not to run multiple instances of the gpg-agent, so you should make sure that only one is running: gpg-agent uses an environment variable to inform clients about the communication parameters. You can write the content of this environment variable to a file so that you can test for a running agent. Here is an example using Bourne shell syntax:

gpg-agent --daemon --enable-ssh-support \
          --write-env-file "${HOME}/.gpg-agent-info"

This code should only be run once per user session to initially fire up the agent. In the example the optional support for the included Secure Shell agent is enabled and the information about the agent is written to a file in the HOME directory. Note that by running gpg-agent without arguments you may test whether an agent is already running; however, such a test may lead to a race condition, so it is not recommended.

The second script needs to be run for each interactive session:

if [ -f "${HOME}/.gpg-agent-info" ]; then
  . "${HOME}/.gpg-agent-info"
  export GPG_AGENT_INFO
  export SSH_AUTH_SOCK
  export SSH_AGENT_PID
fi

It reads the data out of the file and exports the variables. If you don’t use Secure Shell, you don’t need the last two export statements.
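A stricter variant of the per-session script, as an added example that is not part of the GnuPG manual: sourcing the file with `.` executes whatever it contains, so the hypothetical function load_agent_info instead accepts the file only if it is a regular file owned by the user and not group- or world-writable, and exports only the three expected variables. It assumes the file holds plain NAME=VALUE lines; the sample paths and PID are constructed.

```shell
# load_agent_info FILE: export the agent variables from FILE without sourcing it.
# Returns 1 if FILE is not a trustworthy regular file, 2 if its content is unexpected.
load_agent_info() {
  _f=$1 _gpg= _sock= _pid=
  # Regular file (not a symlink), owned by us, not group- or world-writable.
  [ -n "$(find "$_f" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
  while IFS='=' read -r _name _value || [ -n "$_name" ]; do
    # Values may only contain path characters, digits and ':' separators.
    case $_value in
      ''|*[!A-Za-z0-9_./:-]*) return 2 ;;
    esac
    case $_name in
      GPG_AGENT_INFO) _gpg=$_value ;;
      SSH_AUTH_SOCK)  _sock=$_value ;;
      SSH_AGENT_PID)  _pid=$_value ;;
      *) return 2 ;;   # any other name is not one of the expected variables
    esac
  done < "$_f"
  [ -n "$_gpg" ] || return 2
  # Export only after the whole file has been validated.
  export GPG_AGENT_INFO="$_gpg"
  [ -z "$_sock" ] || export SSH_AUTH_SOCK="$_sock"
  [ -z "$_pid" ]  || export SSH_AGENT_PID="$_pid"
  return 0
}

# Constructed sample file (mktemp creates it with mode 0600).
demo=$(mktemp)
printf '%s\n' 'GPG_AGENT_INFO=/tmp/gpg-AbCdEf/S.gpg-agent:4242:1' \
              'SSH_AUTH_SOCK=/tmp/gpg-AbCdEf/S.gpg-agent.ssh' > "$demo"
load_agent_info "$demo" && echo "agent socket: ${GPG_AGENT_INFO%%:*}"
rm -f "$demo"
```

In a startup file the call would be load_agent_info "${HOME}/.gpg-agent-info", with a non-zero return treated as "no usable agent information".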

You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:

GPG_TTY=$(tty)
export GPG_TTY

It is important that this environment variable always reflects the output of the tty command. For W32 systems this option is not required.

Please make sure that a proper pinentry program has been installed under the default filename (which is system dependent) or use the option pinentry-program to specify the full name of that program. It is often useful to install a symbolic link from the actually used pinentry (e.g. /usr/bin/pinentry-gtk) to the expected one (e.g. /usr/bin/pinentry).

See Option Index, for an index to GPG-AGENT’s commands and options.
