
How do I install and use gpg-agent on Windows?

I'm trying to start signing Git commits. I set up a GPG key with keybase.io and have it synced on my local machine and on my Git server. Now, I'm trying to solve the problem of typing the key passphrase on every single commit.

    PS> git commit -m "testing" --allow-empty

    You need a passphrase to unlock the secret key for
    user: "keybase.io/anthonymastrean <[email protected]>"
    2048-bit RSA key, ID AD9184C0, created 2015-04-14 (main key ID 293FEB8B)

    Enter passphrase:

As I understand it, I need something like gpg-agent installed. I'm on Windows 10 Pro 1803, so I'm looking at Gpg4win (recommended by GitHub and others). I installed it via Chocolatey, so I have the complete default installation.

However, I can't figure out how to get gpg-agent to start caching my passphrase. I'm prompted every time I commit.

The gpg-agent says it's running:

    PS> gpg-agent
    gpg-agent[4644]: gpg-agent running and available

I've this gpg-connect-agent thing, but I don't know what to do with it.

    PS> gpg-connect-agent.exe
    > help
    # NOP
    # CANCEL
    # OPTION
    # BYE
    # AUTH
    # RESET
    # END
    # HELP
    # GETEVENTCOUNTER
    # ISTRUSTED <hexstring_with_fingerprint>
    # HAVEKEY <hexstrings_with_keygrips>
    # KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] <keygrip>
    # SIGKEY <hexstring_with_keygrip>
    # SETKEY
    # SETKEYDESC plus_percent_escaped_string
    # SETHASH (--hash=<name>)|(<algonumber>) <hexstring>
    # PKSIGN [<options>] [<cache_nonce>]
    # PKDECRYPT [<options>]
    # GENKEY [--no-protection] [--preset] [--inq-passwd]
    # READKEY <hexstring_with_keygrip>
    # GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]
    # PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]
    # CLEAR_PASSPHRASE [--mode=normal] <cache_id>
    # GET_CONFIRMATION <description>
    # LISTTRUSTED
    # MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
    # LEARN [--send] [--sendinfo] [--force]
    # PASSWD [--cache-nonce=<c>] [--passwd-nonce=<s>] [--preset]
    # INPUT
    # OUTPUT
    # SCD <commands to pass to the scdaemon>
    # KEYWRAP_KEY [--clear] <mode>
    # IMPORT_KEY [--unattended] [--force] [<cache_nonce>]
    # EXPORT_KEY [--cache-nonce=<nonce>] [--openpgp] <hexstring_with_keygrip>
    # DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>
    # GETVAL <key>
    # PUTVAL <key> [<percent_escaped_value>]
    # UPDATESTARTUPTTY
    # KILLAGENT
    # RELOADAGENT
    # GETINFO <what>
    # KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>
    OK

I see the man page talks about how to start the gpg-agent in a Bash session, but I'm not sure how to translate that to Windows and have it work across cmd.exe and PowerShell.

https://linux.die.net/man/1/gpg-agent

Anthony Mastrean asked May 14 '18 14:05


2 Answers

  1. You can use gpgconf --launch gpg-agent to make gpg-agent run in the background on Windows.

  2. To make gpg-agent start automatically when I log in, I added a task in Task Scheduler:

     [image: gpg-agent-autostart]

  3. To expand the expiry on the passphrase, add these lines to gpg-agent.conf:

    default-cache-ttl 34560000
    max-cache-ttl 34560000

I tried to set the number to 999999999, but it didn't work at all.

You can find the location of gpg-agent.conf with this command:

    $ gpgconf.exe --list-dirs

    sysconfdir:C%3a\ProgramData\GNU\etc\gnupg
    bindir:C%3a\Program Files (x86)\GnuPG\bin
    libexecdir:C%3a\Program Files (x86)\GnuPG\bin
    libdir:C%3a\Program Files (x86)\GnuPG\lib\gnupg
    datadir:C%3a\Program Files (x86)\GnuPG\share\gnupg
    localedir:C%3a\Program Files (x86)\GnuPG\share\locale
    socketdir:C%3a\Users\Jerry\AppData\Roaming\gnupg
    dirmngr-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.dirmngr
    agent-ssh-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.ssh
    agent-extra-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.extra
    agent-browser-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.browser
    agent-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent
    homedir:C%3a\Users\Jerry\AppData\Roaming\gnupg

gpg-agent.conf is in homedir.

Tao Zhu answered Oct 20 '22 03:10
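
The steps from the answer above as one PowerShell script, added here as an example and not part of the original answer: it reads homedir from the percent-escaped `gpgconf --list-dirs` output, rewrites the two TTL lines in gpg-agent.conf, reloads the agent, and lists which keys currently have a cached passphrase. `$TtlSeconds` (8 hours) is an assumed value; the answer's 34560000 seconds is 400 days.

```powershell
# Added example, not from the original answer.
# $TtlSeconds is an assumed value (8 hours); the answer above uses 34560000.
$TtlSeconds = 28800

# gpgconf percent-escapes its values (e.g. "C%3a\Users\..."), so split each
# line on the first colon only and unescape the rest to get a usable path.
$dirs = @{}
foreach ($line in (& gpgconf --list-dirs)) {
    $name, $value = $line -split ':', 2
    $dirs[$name] = [uri]::UnescapeDataString($value)
}
$confPath = Join-Path $dirs['homedir'] 'gpg-agent.conf'

# Keep unrelated options already in the file; replace only the two TTL lines.
$kept = @()
if (Test-Path $confPath) {
    $kept = @(Get-Content $confPath |
        Where-Object { $_ -notmatch '^\s*(default|max)-cache-ttl\s' })
}
$newLines = $kept + @("default-cache-ttl $TtlSeconds", "max-cache-ttl $TtlSeconds")
Set-Content -Path $confPath -Value $newLines -Encoding ascii

# Start the agent if it is not running, then have it re-read gpg-agent.conf.
& gpgconf --launch gpg-agent
& gpgconf --reload gpg-agent

# KEYINFO --list returns one status line per secret key:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# <cached> is 1 while that key's passphrase is held in the agent's cache.
& gpg-connect-agent 'keyinfo --list' /bye |
    Where-Object { $_ -like 'S KEYINFO *' } |
    ForEach-Object {
        $f = $_ -split ' '
        [pscustomobject]@{ Keygrip = $f[2]; Cached = ($f[6] -eq '1') }
    }
```

Make one signed commit, then run the last pipeline again: `Cached` should be `True` for the signing key's keygrip until the TTL expires.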


I needed to inform git of the gpg program that I've installed, which itself knows about the gpg-agent that it should use.

    PS> git config --global gpg.program $(Resolve-Path (Get-Command gpg | Select-Object -Expand Source) | Select-Object -Expand Path)

After setting this configuration, the "PIN Entry" dialog for Gpg4win pops up!

I might be missing something as far as automatically starting the gpg-agent or understanding the session lifecycle, but I'll come back with more details.

Anthony Mastrean answered Oct 20 '22 03:10