Tags: windows, git, gnupg, gpg-agent

How do I install and use gpg-agent on Windows?


I'm trying to start signing Git commits. I set up a GPG key with keybase.io and have it synced on my local machine and on my Git server. Now, I'm trying to solve the problem of typing the key passphrase on every single commit.

PS> git commit -m "testing" --allow-empty

You need a passphrase to unlock the secret key for
user: "keybase.io/anthonymastrean <[email protected]>"
2048-bit RSA key, ID AD9184C0, created 2015-04-14 (main key ID 293FEB8B)

Enter passphrase:

As I understand it, I need something like gpg-agent installed. I'm on Windows 10 Pro 1803, so I'm looking at Gpg4win (recommended by GitHub and others). I installed it via Chocolatey, so I have the complete default installation.

However, I can't figure out how to get gpg-agent to start caching my passphrase. I'm prompted every time I commit.

The gpg-agent says it's running

PS> gpg-agent
gpg-agent[4644]: gpg-agent running and available

I've got this gpg-connect-agent thing, but I don't know what to do with it.

PS> gpg-connect-agent.exe
> help
# NOP
# CANCEL
# OPTION
# BYE
# AUTH
# RESET
# END
# HELP
# GETEVENTCOUNTER
# ISTRUSTED <hexstring_with_fingerprint>
# HAVEKEY <hexstrings_with_keygrips>
# KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] <keygrip>
# SIGKEY <hexstring_with_keygrip>
# SETKEY
# SETKEYDESC plus_percent_escaped_string
# SETHASH (--hash=<name>)|(<algonumber>) <hexstring>
# PKSIGN [<options>] [<cache_nonce>]
# PKDECRYPT [<options>]
# GENKEY [--no-protection] [--preset] [--inq-passwd]
# READKEY <hexstring_with_keygrip>
# GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]
# PRESET_PASSPHRASE [--inquire] <string_or_keygrip> <timeout> [<hexstring>]
# CLEAR_PASSPHRASE [--mode=normal] <cache_id>
# GET_CONFIRMATION <description>
# LISTTRUSTED
# MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
# LEARN [--send] [--sendinfo] [--force]
# PASSWD [--cache-nonce=<c>] [--passwd-nonce=<s>] [--preset]
# INPUT
# OUTPUT
# SCD <commands to pass to the scdaemon>
# KEYWRAP_KEY [--clear] <mode>
# IMPORT_KEY [--unattended] [--force] [<cache_nonce>]
# EXPORT_KEY [--cache-nonce=<nonce>] [--openpgp] <hexstring_with_keygrip>
# DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>
# GETVAL <key>
# PUTVAL <key> [<percent_escaped_value>]
# UPDATESTARTUPTTY
# KILLAGENT
# RELOADAGENT
# GETINFO <what>
# KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>
OK

I see the man page talks about how to start the gpg-agent in a Bash session, but I'm not sure how to translate that to Windows and have it work across cmd.exe and PowerShell.

https://linux.die.net/man/1/gpg-agent


Solution

  • I needed to inform git of the gpg program that I've installed, which itself knows about the gpg-agent that it should use.

    PS> git config --global gpg.program $(Resolve-Path (Get-Command gpg | Select-Object -Expand Source) | Select-Object -Expand Path)
    

    After setting this configuration, the "PIN Entry" dialog for Gpg4win pops up!


    I might be missing something as far as automatically starting the gpg-agent or understanding the session lifecycle, but I'll come back with more details.
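The following PowerShell script is an added example, not code from the question or the answer above. It scripts the same fix (pointing Git at the installed gpg.exe) and goes one step further by giving gpg-agent an explicit passphrase cache lifetime in gpg-agent.conf, then checks that the agent answers. It assumes the default GnuPG home directory under %APPDATA% (or GNUPGHOME if set); the TTL values are placeholders to tune.

```powershell
# Added example: make Git use the Gpg4win gpg.exe and set how long gpg-agent
# keeps a passphrase cached. The TTL numbers below are assumed values.
$ErrorActionPreference = 'Stop'

# 1. Locate the gpg.exe on PATH and register it with Git, so Git talks to the
#    same gpg (and therefore the same gpg-agent) that holds your key.
$gpgExe = (Get-Command gpg -ErrorAction Stop).Source
git config --global gpg.program $gpgExe

# 2. Write cache lifetimes into gpg-agent.conf.
#    default-cache-ttl: seconds a cached passphrase stays valid after last use.
#    max-cache-ttl:     hard upper bound since the passphrase was first entered.
#    Shorter values narrow the window in which an unlocked session can sign
#    without re-prompting; longer values mean fewer prompts. Choose deliberately.
$gnupgHome = if ($env:GNUPGHOME) { $env:GNUPGHOME } else { Join-Path $env:APPDATA 'gnupg' }
if (-not (Test-Path $gnupgHome)) { New-Item -ItemType Directory -Path $gnupgHome | Out-Null }
$agentConf = Join-Path $gnupgHome 'gpg-agent.conf'
$wanted = @(
    'default-cache-ttl 1800'   # 30 minutes idle (assumed value)
    'max-cache-ttl 7200'       # 2 hours absolute (assumed value)
)
$existing = if (Test-Path $agentConf) { @(Get-Content $agentConf) } else { @() }
# Drop any earlier ttl lines so re-running the script does not duplicate them.
$kept = $existing | Where-Object { $_ -notmatch '^(default|max)-cache-ttl\b' }
Set-Content -Path $agentConf -Value ($kept + $wanted) -Encoding ASCII

# 3. Make the running agent re-read its config, then confirm it responds.
#    GETINFO is one of the commands listed by 'help' in the question.
gpgconf --reload gpg-agent
gpg-connect-agent 'GETINFO version' /bye

# 4. Sign every commit with the key ID shown in the question's prompt.
git config --global user.signingkey AD9184C0
git config --global commit.gpgsign true
```

After running it, the first `git commit` should show the Gpg4win pinentry dialog once, and further commits within the TTL should sign without a prompt.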