blob: 1db4895764036c27c5c2d4a31bec07a03bae1776 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#+PROPERTY: header-args:conf :tangle tangle/gpg-agent.conf :comments org :tangle-mode (identity #o444)
#+BEGIN_SRC sh :tangle tangle/symlink.sh :results silent :shebang "#!/bin/bash"
ln -siv $(pwd)/tangle/gpg-agent.conf ~/.gnupg/gpg-agent.conf
ln -siv $(pwd)/tangle/sshcontrol ~/.gnupg/sshcontrol
ln -siv $(pwd)/tangle/pam-gnupg ~/.config/pam-gnupg
#+END_SRC
#+BEGIN_SRC conf
default-cache-ttl 10800
max-cache-ttl 172800
#+END_SRC
* ssh password caching
#+BEGIN_SRC conf
default-cache-ttl-ssh 10800
max-cache-ttl-ssh 172800
#+END_SRC
* Emacs pinentry
#+BEGIN_SRC conf
allow-emacs-pinentry
allow-loopback-pinentry
#+END_SRC
* Enable use as ssh keys
#+begin_src conf
enable-ssh-support
#+end_src
#+begin_src conf :tangle tangle/sshcontrol :comments no
4AFDEF6B35160F892F61666CE891B2456D755807
#+end_src
* Unlocking upon login
[[https://github.com/cruegge/pam-gnupg][pam-gnupg]] is an alternative to =gnome-keyring= to unlock gpg keys upon login. This only works when user and gpg key share the same passphrase.
Start it by adding this to the relevant login pam files (in =/etc/pam.d=).
#+begin_src conf :tangle no
auth optional pam_gnupg.so store-only
session optional pam_gnupg.so
#+end_src
Allow preset passphrases for =pam-gnupg=.
#+begin_src conf
allow-preset-passphrase
#+end_src
The =pam-gnupg= config file only contains a list of keygrips of keys you want to unlock upon login. It works for both gpg and ssh keys.
#+begin_src conf :tangle tangle/pam-gnupg :comments no
DE37E13DE16DB3219D74410F4C20021624CC19E3
4AFDEF6B35160F892F61666CE891B2456D755807
#+end_src
|
