How do I install and use gpg-agent on Windows?

Anthony Mastrean · May 14, 2018 · Viewed 9.5k times

I'm trying to start signing Git commits. I set up a GPG key with keybase.io and have it synced on my local machine and on my Git server. Now, I'm trying to solve the problem of typing the key passphrase on every single commit.

PS> git commit -m "testing" --allow-empty

You need a passphrase to unlock the secret key for
user: "keybase.io/anthonymastrean <[email protected]>"
2048-bit RSA key, ID AD9184C0, created 2015-04-14 (main key ID 293FEB8B)

Enter passphrase:

As I understand it, I need something like gpg-agent installed. I'm on Windows 10 Pro 1803, so I'm looking at Gpg4win (recommended by GitHub and others). I installed it via Chocolatey, so I have the complete default installation.

However, I can't figure out how to get gpg-agent to start caching my passphrase. I'm prompted every time I commit.

The gpg-agent says it's running

PS> gpg-agent
gpg-agent[4644]: gpg-agent running and available

I've this gpg-connect-agent thing, but I don't know what to do with it.

PS> gpg-connect-agent.exe
> help
# NOP
# CANCEL
# OPTION
# BYE
# AUTH
# RESET
# END
# HELP
# GETEVENTCOUNTER
# ISTRUSTED <hexstring_with_fingerprint>
# HAVEKEY <hexstrings_with_keygrips>
# KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] <keygrip>
# SIGKEY <hexstring_with_keygrip>
# SETKEY
# SETKEYDESC plus_percent_escaped_string
# SETHASH (--hash=<name>)|(<algonumber>) <hexstring>
# PKSIGN [<options>] [<cache_nonce>]
# PKDECRYPT [<options>]
# GENKEY [--no-protection] [--preset] [--inq-passwd]
# READKEY <hexstring_with_keygrip>
# GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]
# PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]
# CLEAR_PASSPHRASE [--mode=normal] <cache_id>
# GET_CONFIRMATION <description>
# LISTTRUSTED
# MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
# LEARN [--send] [--sendinfo] [--force]
# PASSWD [--cache-nonce=<c>] [--passwd-nonce=<s>] [--preset]
# INPUT
# OUTPUT
# SCD <commands to pass to the scdaemon>
# KEYWRAP_KEY [--clear] <mode>
# IMPORT_KEY [--unattended] [--force] [<cache_nonce>]
# EXPORT_KEY [--cache-nonce=<nonce>] [--openpgp] <hexstring_with_keygrip>
# DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>
# GETVAL <key>
# PUTVAL <key> [<percent_escaped_value>]
# UPDATESTARTUPTTY
# KILLAGENT
# RELOADAGENT
# GETINFO <what>
# KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>
OK

I see the man page talks about how to start the gpg-agent in a Bash session, but I'm not sure how to translate that to Windows and have it work across cmd.exe and PowerShell.

https://linux.die.net/man/1/gpg-agent

Answer

Tao Zhu · Jul 18, 2018
  1. You can use gpgconf --launch gpg-agent to make gpg-agent run in the background on Windows.

  2. To make gpg-agent start automatically when I log in, I added a task in Task Scheduler:

gpg-agent-autostart

  3. To extend the expiry on the passphrase, add these lines to gpg-agent.conf:

    default-cache-ttl 34560000
    
    max-cache-ttl 34560000
    

I tried to set the number to 999999999, but it didn't work at all.

You can find the location of gpg-agent.conf with this command:

$ gpgconf.exe --list-dirs

sysconfdir:C%3a\ProgramData\GNU\etc\gnupg
bindir:C%3a\Program Files (x86)\GnuPG\bin
libexecdir:C%3a\Program Files (x86)\GnuPG\bin
libdir:C%3a\Program Files (x86)\GnuPG\lib\gnupg
datadir:C%3a\Program Files (x86)\GnuPG\share\gnupg
localedir:C%3a\Program Files (x86)\GnuPG\share\locale
socketdir:C%3a\Users\Jerry\AppData\Roaming\gnupg
dirmngr-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.dirmngr
agent-ssh-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.ssh
agent-extra-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.extra
agent-browser-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent.browser
agent-socket:C%3a\Users\Jerry\AppData\Roaming\gnupg\S.gpg-agent
homedir:C%3a\Users\Jerry\AppData\Roaming\gnupg

gpg-agent.conf is in homedir
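
Steps 1 and 3 of the answer above can be scripted from PowerShell. This is an added example, not part of the original answer; it assumes Gpg4win's gpgconf.exe is on PATH, and the function names ConvertFrom-GpgconfDirs and Set-AgentOption are hypothetical helpers defined here.

```powershell
# Added example: locate gpg-agent.conf from gpgconf's output, set the cache
# TTLs from the answer, and restart the agent so it reads the new values.

function ConvertFrom-GpgconfDirs {
    param([string[]]$Lines)
    $dirs = @{}
    foreach ($line in $Lines) {
        # Each line is "name:value"; split on the first colon only.
        $name, $value = $line -split ':', 2
        if ($value) {
            # gpgconf percent-escapes the value, so "C%3a\Users\..." is "C:\Users\...".
            $dirs[$name] = [uri]::UnescapeDataString($value)
        }
    }
    return $dirs
}

function Set-AgentOption {
    param([string]$Path, [string]$Name, [int]$Value)
    $existing = if (Test-Path $Path) { @(Get-Content $Path) } else { @() }
    # Drop any earlier line for the same option so it is not listed twice.
    $pattern = "^\s*$([regex]::Escape($Name))\s"
    $kept = @($existing | Where-Object { $_ -notmatch $pattern })
    # Write plain ASCII so the file has no byte-order mark.
    Set-Content -Path $Path -Value ($kept + "$Name $Value") -Encoding ascii
}

$dirs = ConvertFrom-GpgconfDirs (gpgconf --list-dirs)
if (-not $dirs['homedir']) {
    throw "gpgconf did not report a homedir; is Gpg4win's bin directory on PATH?"
}
$conf = Join-Path $dirs['homedir'] 'gpg-agent.conf'

$ttl = 34560000   # value from the answer: 34560000 seconds = 400 days
Set-AgentOption $conf 'default-cache-ttl' $ttl
Set-AgentOption $conf 'max-cache-ttl' $ttl

gpgconf --kill gpg-agent      # stop the running agent
gpgconf --launch gpg-agent    # start it again in the background (step 1)
Get-Content $conf             # show the resulting configuration
```

The cache lives in the agent's memory, so the passphrase is requested again the first time a key is used after the agent restarts.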