From d0696001902ed3fef790b3e2a50c9ede71d7a887 Mon Sep 17 00:00:00 2001 From: fpi Date: Mon, 13 Jan 2020 15:24:55 +0100 Subject: Add gpg-agent configuration --- gpg-agent.org | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 gpg-agent.org (limited to 'gpg-agent.org') diff --git a/gpg-agent.org b/gpg-agent.org new file mode 100644 index 0000000..70bbeca --- /dev/null +++ b/gpg-agent.org @@ -0,0 +1,19 @@ +#+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org + +#+BEGIN_SRC sh :tangle no :results silent +ln -sf $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf +#+END_SRC + + +#+BEGIN_SRC conf +max-cache-ttl 34560000 +#+END_SRC +* ssh password caching +#+BEGIN_SRC conf +max-cache-ttl-ssh 34560000 +#+END_SRC +* Emacs pinentry +#+BEGIN_SRC conf +allow-emacs-pinentry +allow-loopback-pinentry +#+END_SRC -- cgit v1.2.3 From 4426392a53d127bd9452000e3d7b5c0a6e5f3325 Mon Sep 17 00:00:00 2001 From: fpi Date: Wed, 26 Feb 2020 19:18:14 +0100 Subject: Enable gpg keys for ssh authentication --- gpg-agent.org | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'gpg-agent.org') diff --git a/gpg-agent.org b/gpg-agent.org index 70bbeca..3ba28c4 100644 --- a/gpg-agent.org +++ b/gpg-agent.org @@ -2,6 +2,7 @@ #+BEGIN_SRC sh :tangle no :results silent ln -sf $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf +ln -sf $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol #+END_SRC @@ -17,3 +18,11 @@ max-cache-ttl-ssh 34560000 allow-emacs-pinentry allow-loopback-pinentry #+END_SRC +* Enable use as ssh keys +#+begin_src conf +enable-ssh-support +#+end_src + +#+begin_src conf :tangle tangle/sshcontrol +4AFDEF6B35160F892F61666CE891B2456D755807 +#+end_src -- cgit v1.2.3 From c9d71cab67bd90becfa1472d3af9220f367f2ee3 Mon Sep 17 00:00:00 2001 From: fpi Date: Sun, 5 Apr 2020 20:00:32 +0200 Subject: Update symlinks --- gpg-agent.org | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gpg-agent.org') 
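Review bot: The `ln -sf $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf` line in the first commit's setup block makes the agent's configuration a symlink into the repository checkout, so write access to `tangle/` now decides agent options such as `pinentry-program`. The prose should say that the checkout needs the same owner-only permissions as `~/.gnupg`. The command substitution is also unquoted and assumes the block is run from the repository root, so a path containing spaces splits into several arguments; quote it as `ln -sf "$(pwd)/tangle/gpg-agent.conf" ~/.gnupg/gpg-agent.conf`. The same applies to the `sshcontrol` link added in the second commit, the `ln -siv` lines of the "Update symlinks" commit and the `pam-gnupg` link added later.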
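Review bot: The `tangle/sshcontrol` block in the "Enable gpg keys for ssh authentication" commit lists a bare 40-hex value without saying that it is a keygrip rather than a key fingerprint, and it sets no per-key options. A sentence under the `* Enable use as ssh keys` heading should say which key it belongs to and how the value was obtained (`gpg --list-keys --with-keygrip`). Since `max-cache-ttl-ssh` is still 34560000 at this point in the series, consider the entry form with the confirm flag, `4AFDEF6B35160F892F61666CE891B2456D755807 0 confirm`. With it, each use of the key by an ssh client has to be acknowledged even while the passphrase is cached.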
diff --git a/gpg-agent.org b/gpg-agent.org index 3ba28c4..02e2d55 100644 --- a/gpg-agent.org +++ b/gpg-agent.org @@ -1,8 +1,8 @@ #+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org -#+BEGIN_SRC sh :tangle no :results silent -ln -sf $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf -ln -sf $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol +#+BEGIN_SRC sh :tangle tangle/symlink.sh :results silent :shebang "#!/bin/bash" +ln -siv $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf +ln -siv $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol #+END_SRC -- cgit v1.2.3 From 2397c8941dee65403bd826f4d443f8dcdff33b51 Mon Sep 17 00:00:00 2001 From: fpi Date: Mon, 8 Jun 2020 19:57:11 +0200 Subject: Set a default ttl and decrease max ttl --- gpg-agent.org | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'gpg-agent.org') diff --git a/gpg-agent.org b/gpg-agent.org index 02e2d55..75493fa 100644 --- a/gpg-agent.org +++ b/gpg-agent.org @@ -7,11 +7,13 @@ ln -siv $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol #+BEGIN_SRC conf -max-cache-ttl 34560000 +default-cache-ttl 10800 +max-cache-ttl 172800 #+END_SRC * ssh password caching #+BEGIN_SRC conf -max-cache-ttl-ssh 34560000 +default-cache-ttl-ssh 10800 +max-cache-ttl-ssh 172800 #+END_SRC * Emacs pinentry #+BEGIN_SRC conf -- cgit v1.2.3 From e57df7a5e6950f00a4f3581bc914705d2132d499 Mon Sep 17 00:00:00 2001 From: fpi Date: Sun, 31 Jan 2021 15:09:32 +0100 Subject: Add pam-gnupg to unlock gpg/ssh keys after login --- gpg-agent.org | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'gpg-agent.org') diff --git a/gpg-agent.org b/gpg-agent.org index 75493fa..51f6cec 100644 --- a/gpg-agent.org +++ b/gpg-agent.org 
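Review bot: The new `default-cache-ttl 10800` and `default-cache-ttl-ssh 10800` lines in the "Set a default ttl and decrease max ttl" commit carry no note on units or intent. The values are seconds, so a passphrase stays cached for 3 hours after each use and, because every use restarts that timer, for up to the 2 days set by `max-cache-ttl 172800`. That is well above gpg-agent's built-in defaults (600 s, and 1800 s for ssh keys), which a reader comparing against a stock setup would want stated. Suggested prose above the first block: `Cache passphrases for 3 h after last use, but never longer than 48 h in total.`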
@@ -3,6 +3,7 @@ #+BEGIN_SRC sh :tangle tangle/symlink.sh :results silent :shebang "#!/bin/bash" ln -siv $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf ln -siv $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol +ln -siv $(pwd)/tangle/pam-gnupg ~/.config/pam-gnupg #+END_SRC @@ -25,6 +26,26 @@ allow-loopback-pinentry enable-ssh-support #+end_src -#+begin_src conf :tangle tangle/sshcontrol +#+begin_src conf :tangle tangle/sshcontrol :comments no +4AFDEF6B35160F892F61666CE891B2456D755807 +#+end_src +* Unlocking upon login + +[[https://github.com/cruegge/pam-gnupg][pam-gnupg]] is an alternative to =gnome-keyring= to unlock gpg keys upon login. This only works when user and gpg key share the same passphrase. + +Start it by adding this to the relevant login pam files (in =/etc/pam.d=). +#+begin_src conf :tangle no +auth optional pam_gnupg.so store-only +session optional pam_gnupg.so +#+end_src +Allow preset passphrases for =pam-gnupg=. +#+begin_src conf +allow-preset-passphrase +#+end_src + + +The =pam-gnupg= config file only contains a list of keygrips of keys you want to unlock upon login. It works for both gpg and ssh keys. +#+begin_src conf :tangle tangle/pam-gnupg :comments no +DE37E13DE16DB3219D74410F4C20021624CC19E3 4AFDEF6B35160F892F61666CE891B2456D755807 #+end_src -- cgit v1.2.3 From cf5262c952b59485391c12417446377d5bd0afe1 Mon Sep 17 00:00:00 2001 From: fpi Date: Fri, 20 May 2022 23:55:55 +0200 Subject: Make gpg-agent.conf read-only --- gpg-agent.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gpg-agent.org') diff --git a/gpg-agent.org b/gpg-agent.org index 51f6cec..1db4895 100644 --- a/gpg-agent.org +++ b/gpg-agent.org 
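Review bot: The sentence `This only works when user and gpg key share the same passphrase.` in the new `* Unlocking upon login` section states a requirement but not its consequence. The login password becomes the passphrase of every key listed in `tangle/pam-gnupg`, and with `enable-ssh-support` set earlier in the file that includes the ssh key, so one disclosed password unlocks all of them. The section should say so, and should name the PAM service files the two `pam_gnupg.so` lines are meant for instead of "the relevant login pam files". The two keygrips in the `tangle/pam-gnupg` block are unlabelled; because that block is tangled with `:comments no`, a line of prose above it identifying each key would not end up in the generated file. How long a preset passphrase stays cached relative to `max-cache-ttl 172800` is not stated here and is worth confirming and documenting next to `allow-preset-passphrase`.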
@@ -1,4 +1,4 @@ -#+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org +#+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org :tangle-mode (identity #o444) #+BEGIN_SRC sh :tangle tangle/symlink.sh :results silent :shebang "#!/bin/bash" ln -siv $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf -- cgit v1.2.3
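Review bot: `:tangle-mode (identity #o444)` is added to the `header-args:conf` property, so as far as the file shows it applies to every `conf` block that is tangled, including the ones written to `tangle/sshcontrol` and `tangle/pam-gnupg`, not only to gpg-agent.conf as the subject line says. Mode 444 also makes those files readable by every local user, and the latter two hold the keygrips of the keys in use. If the aim is only to stop accidental edits of generated files, owner-only read does that as well: `#+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org :tangle-mode (identity #o400)`.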