Differences

This shows you the differences between two versions of the page.

--- osx:start [2019/02/25 14:42]
robm [Automating via SSH configuration files]
+++ osx:start [2019/05/22 15:08]
robm GPG
@@ Line 903: / Line 903: @@
   brew cask install smcfancontrol
+====== GPG with remote forwarding ======
+Overview (notes to follow, I hope):
+  - Install GPG locally and create an identity
+  - Ensure that passphrase challenge ("pinentry") does _not_ use the TTY, since the TTY at the remote won't match local - better to use a GUI or the OSX KeyChain
+  - Install GPG on remote, and import public key
+  - Configure SSH to forward agent socket
+  - Disable systemd stuff which creates (unused) gpg sockets and/or configure SSHd to allow you to delete and recreate those sockets
+https://www.binarybabel.org/2017/03/10/setting-up-pin-entry-for-gpg-under-macos/
+  - ''brew install gnupg gpg-agent pinentry-mac''
+  - Append to ''~/.profile'': <code> if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
+    source ~/.gnupg/.gpg-agent-info
+    export GPG_AGENT_INFO
+else
+    eval $(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)
+fi</code>
+  - Create/modify the following GPG files:
+    - ''mkdir -p ~/.gnupg''
+    - ''~/.gnupg/gpg.conf'':<code>use-agent</code>
+    - ''~/.gnupg/gpg-agent.conf'':<code> use-standard-socket
+pinentry-program /usr/local/bin/pinentry-mac
+default-cache-ttl 600
+max-cache-ttl 7200</code>
+https://superuser.com/a/1439824/25945

RobMeerman.co.uk