New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[mig client] Add support for GNUPG 2.1 #190

Open
hardikj opened this Issue Mar 5, 2016 · 5 comments

Comments

Projects
None yet
7 participants
@hardikj
Copy link

hardikj commented Mar 5, 2016

Currently, MIG is only compatible with GNUPG version 1.x and 2.x and looks for a secring.pgp on startup. In the GNUPG version 2.1 secring.gpg file is not used anymore and only gpg-agent is responsible for the private parts of the keys.

It will be nice to make MIG compatible with GNUPG 2.1 while maintaining the support for version 2.x and 1.x. This can be implemented either by asking gpg-agent for the keys when secring.gpg is not found or by looking for GNUPG version upfront and proceeding accordingly.

For more info about the changes in version 2.1 see:

https://www.gnupg.org/faq/whats-new-in-2.1.html

@jvehent

This comment has been minimized.

Copy link
Contributor

jvehent commented Mar 14, 2016

I have not tested gnupg 2.1, but mig should already talk to gpg-agent if the socket is present. Did you verify that this isn't working as expected?

@ameihm0912 ameihm0912 self-assigned this Sep 7, 2016

@gdestuynder

This comment has been minimized.

Copy link
Contributor

gdestuynder commented Sep 7, 2016

in newer GPG the socket is no longer advertised by the environment so I suspect its not being picked up
i suspect --extra-socket option of the agent can be used as a work around, while manually setting the env to point to it for ex.

Alternatively the standard socket path is always: /run/user/UID_HERE/gnupg/S.gpg-agent (though the go lib doesnt seem to be able to pick it up even if its provided in env GPG_AGENT_INFO)

@kpcyrd

This comment has been minimized.

Copy link

kpcyrd commented Sep 1, 2017

I'm using a separate folder for my investigator key and I've worked around this with:

gpg --export-secret-keys > my_gpg_folder/secring.gpg
@gdestuynder

This comment has been minimized.

Copy link
Contributor

gdestuynder commented Sep 6, 2017

I'm doing the same though it's annoying to have to type the passphrase every time ;-)

@ameihm0912 ameihm0912 removed their assignment Nov 28, 2017

@2011aad

This comment has been minimized.

Copy link

2011aad commented May 12, 2018

The method from @kpcyrd really works, but need to copy xxxxx.key in private-keys-v1.d/ folder to the same place with secring.gpg. It would be better to support GNUPG 2.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment