SDB:Using gpg-agent
Version: 9.0
Situation
You want to simplify the encryption of data (e.g., e-mail messages) via GnuPG by using gpg-agent.
Procedure
The following tutorial is aimed at users already familiar with GnuPG and is based on a document available on the KMail home page under http://kmail.kde.org/kmail-pgpmime-howto.html. The most relevant steps follow (if you have updated from an older version of SUSE LINUX, refer to the section at the end of this article for additional information).
If you have performed a standard installation, all the necessary packages are already installed. If this is not the case (or you have updated), make sure that the following packages are installed and, if necessary, use YaST2 to install them from the SUSE CDs or DVD:
gpg gpgme newpg cryptplug libgcrypt libksba pinentry
Verify that the following line is included in GnuPG's configuration file (~/.gnupg/gpg.conf):
use-agent
If the line is not included, insert it with an editor of your choice. Then create a file ~/.gnupg/gpg-agent.conf with the following content:
pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 1800
These three lines specify the pinentry program, tell it not to grab the keyboard, and set the time-out after which the cached passphrase expires (here 1800 seconds, that is, 30 minutes).
Then start gpg-agent by inserting the entry eval "$(gpg-agent --daemon)" in the file ~/.xinitrc in your HOME directory:
#
# Add your own lines here...
#
eval "$(gpg-agent --daemon)"
This call sets the environment variable "GPG_AGENT_INFO" when the graphical interface starts. You need to log in again to start gpg-agent.
Conduct a short test to check if GnuPG is working together with the agent. For this purpose, enter the following shell command:
echo "test" | gpg -ase -r 0xMYKEYID | gpg
Replace 0xMYKEYID with your GnuPG key ID. While running this command, the agent should open a graphical passphrase dialog twice: first for signing and encrypting (gpg -ase), then for decryption and signature verification (| gpg). From now on, every time GnuPG is used (either from the command line or embedded in a graphical program such as KMail), the passphrase cached by gpg-agent is supplied automatically (until the time-out expires or the graphical interface is closed).
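The configuration steps above, collected into idempotent shell helpers as an added example (this is not code from the SDB article or from GnuPG); the function names, the explicit file-path arguments and the scratch paths are assumptions, chosen so the helpers can be exercised on a temporary directory without touching ~/.gnupg:

```sh
#!/bin/sh
# Added example: helpers for the gpg-agent setup described in the article.
# Each function takes the file it edits as an argument (assumption) so the
# same code works on ~/.gnupg or on a scratch directory.

# Append "use-agent" to a gpg.conf unless an uncommented copy is already there.
# Safe to run repeatedly: the line is never duplicated.
ensure_use_agent() {
    conf="$1"
    [ -f "$conf" ] || : > "$conf"
    if grep -q '^[[:space:]]*use-agent[[:space:]]*$' "$conf"; then
        return 0
    fi
    printf '%s\n' 'use-agent' >> "$conf"
}

# Write gpg-agent.conf with the three settings from the article.
# $1 = target file, $2 = pinentry program, $3 = default-cache-ttl in seconds.
# Refuses to write when the TTL is not an integer or the pinentry binary is not
# executable, because a misconfigured agent otherwise fails only at the moment
# a passphrase is needed.
write_agent_conf() {
    conf="$1"; pinentry="$2"; ttl="$3"
    case "$ttl" in
        ''|*[!0-9]*) echo "default-cache-ttl must be a non-negative integer" >&2; return 1 ;;
    esac
    if [ ! -x "$pinentry" ]; then
        echo "pinentry program not executable: $pinentry" >&2
        return 1
    fi
    printf 'pinentry-program %s\nno-grab\ndefault-cache-ttl %s\n' \
        "$pinentry" "$ttl" > "$conf"
}

# Check that the current session inherited the agent's address from .xinitrc.
# Prints GPG_AGENT_INFO when it is set, returns 1 when the agent was not
# started for this X session (the usual reason the test command above fails).
agent_env_ok() {
    [ -n "${GPG_AGENT_INFO:-}" ] || return 1
    printf '%s\n' "$GPG_AGENT_INFO"
}
```

Run `ensure_use_agent ~/.gnupg/gpg.conf` and `write_agent_conf ~/.gnupg/gpg-agent.conf /usr/bin/pinentry-qt 1800` for the real setup; `agent_env_ok` is the first thing to check if the echo/gpg round trip does not open a pinentry dialog.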
Note: Always lock your desktop when leaving your workplace. Anyone who can access your X session will have unrestricted access to your secret key for as long as the passphrase remains cached.
Procedure when Updating from a Former GnuPG Version
If you have updated GnuPG from 1.0.6 or an older version, some additional steps are necessary when setting up gpg-agent:
- Set the trust level for your own key to the highest value ("absolutely trustworthy") by executing:
gpg --edit-key [key-ID] trust
- Rename GnuPG's configuration file ~/.gnupg/options to ~/.gnupg/gpg.conf:
mv ~/.gnupg/options ~/.gnupg/gpg.conf
- Create the signature caches in the GPG key ring with the shell command:
gpg --rebuild-keydb-caches
Note: the configuration of the gpg-agent exceeds the scope of the free-of-charge installation support. For further information about the gpg-agent, refer to the Project Ägypten home page (http://www.gnupg.org/aegypten/index.html).