cruegge / pam-gnupg

Unlock GnuPG keys on login
GNU General Public License v3.0

unlock the gpg-agent spawned by bash_profile #47

Closed dkwo closed 1 year ago

dkwo commented 1 year ago

Is it possible to use this tool to unlock a gpg-agent that is exec'd by .bash_profile, as opposed to a long-lived one that survives log out? (My use is that I have a runit service that checks mail with mbsync periodically.)

My bashrc contains

```bash
export GPG_TTY=$(tty)
unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
```

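My bash_profile contains

```bash
[[ -f ~/.bashrc ]] && . ~/.bashrc
# Only on the first virtual console and outside a graphical session:
# replace the login shell with gpg-agent, which runs river as its child.
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
    exec gpg-agent --daemon river > ~/Projects/river.log 2>&1
fi
```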

But I currently need to unlock gpg by hand (at first use, by pinentry).

Thanks.

cruegge commented 1 year ago

No, this is not possible. We simply send the login password to a running agent instance, and optionally start a new instance right away. There is no component that could stash the password for an agent that's started later.
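
A way to see which agent instance actually holds the passphrase, as an added example that is not part of the thread or of pam-gnupg itself: it parses the status lines of gpg-agent's `keyinfo --list` command, where field 7 is `1` for a cached passphrase. The function names and the sample keygrips are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which keygrips a gpg-agent has a cached passphrase for.

# Constructed sample of `keyinfo --list` output (keygrips are made-up values).
SAMPLE_KEYINFO='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
OK'

# Read keyinfo status lines on stdin; print "<keygrip> cached|locked".
# Field 3 is the keygrip, field 7 is "1" when the passphrase is in the cache.
keyinfo_status() {
    awk '$1 == "S" && $2 == "KEYINFO" {
        print $3, ($7 == "1" ? "cached" : "locked")
    }'
}

# Query the agent that is running right now. --no-autostart keeps the check
# from spawning a fresh (and therefore locked) agent as a side effect.
agent_status() {
    gpg-connect-agent --no-autostart 'keyinfo --list' /bye 2>/dev/null | keyinfo_status
}

# Succeed only if the keygrip given as $1 is reported as cached on stdin.
is_cached() {
    keyinfo_status | grep -q "^$1 cached\$"
}

# Demo on the constructed sample when run as: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_KEYINFO" | keyinfo_status
fi
```

Calling `agent_status` right after login and again inside the session started by the later `exec gpg-agent --daemon` shows whether the second agent ever received the passphrase.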