help with configuring gpg

[luxus]

hello, first i have to thanks for this awesome config. i had a on off relationship with nix and nixos and this config is the first complex config that was easy to understand. i still have a lot of knowledge gaps and i struggle to setup gnupg with your config. i mean i know how to generate keys but i still struggle to get it working :( how do you setup a new machine with your existing key?

[Misterio77]

Hey!

Glad I could be of help somehow.

I currently use a yubikey for storing my key, but this should work with usual keys stored on disk too.

My most important gpg-related stuff are configured through home-manager. These are the minimum you have to set to get gpg working:

{
  services.gpg-agent = {
    enable = true;
    pinentryFlavor = "gtk2";
  };
  programs.gpg = {
    enable = true;
  };
}

And that's it! Pretty simple.

My own config is a little bit more complicated, because I also:

• Get public keys declaratively. I do this to avoid having to do anything manually, as my private keys lives on my yubibkey (but I need to have the public key on the keyring to use it). This isn't really useful if you have private keys as files, as you need to copy them anyway, might as well copy the public part.
• Use my key for SSH. For this, you should also set services.gpg-agent.enableSshSupport = true and services.gpg-agent.sshKeys = [ 'keygrip' ] (you can get your keygrip using gpg --list-secret-keys --with-keygrip).
• Forward gpg-agent through SSH

[Misterio77]

Oh and I use gnome3 pinentry flavor instead of gtk2 as it looks nicer. I think you need to set (on NixOS, not home-manager) the option services.dbus.packages = [ pkgs.gcr ] for it to work.

[luxus]

great with your help i got everything working so far, even with your config. i imported my key by hand. i didn't knew that i can use a gpg key for ssh, that is working as well now. i should grab one of these yubikeys