Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> The fewer tools that handle your OpenPGP passphrase the better, and
> future versions of GnuPG will not be able to work without the gpg-agent
> anyway (all secret key activity will be handled by the agent as of gnupg
> version 2.1, if i understand upstream's development plans correctly).

Ok, I didn't realise that GnuPG will be taking away support for directly prompting for passwords. I agree that using gpg-agent would be better, but this patch seemed to be simpler to get working in my use case and it matches how mml currently handles it.

> Can you describe what you've tried in terms of using gpg-agent? where
> are your secret keys stored? are they on your local machine, or on the
> remote machine?

Both machines are trusted personal machines so I can put the keys on either (or both). I think what would be ideal is if OpenSSH could support gpg-agent forwarding like it does for ssh-agent. That way when gpg needs a password it could prompt for it via GNOME Keyring on my local machine.

I thought about trying to patch OpenSSH but to be honest I lost all motivation when I noticed that it is still maintained in CVS. I found that someone else has made a patch to add support for forwarding of arbitrary Unix domain sockets¹ but it is now out of date. I suppose that could be used quite easily to do gpg-agent forwarding. I couldn't find any feedback from any of the maintainers about why it isn't in the main source code tree yet. It seems like quite a compelling feature. I'm guessing (although I'm not sure) that it requires a change in the protocol, and presumably I would also have to compile the server from source, so it seemed like quite a lot of faff to start using that patch and I opted for this simpler approach instead.

Regards,
- Neil

1. https://bugzilla.mindrot.org/show_bug.cgi?id=1256