sungate.co.uk

Ramblings about stuff

GPG goodness

Hot on the heels of SSH goodness, here are some tips relating to the use of GPG.

Almost everyone who uses SSH probably uses ssh-agent, so that the key passphrase is typed once per session rather than on every connection.

However, until Friday, I’d never done the same thing for GPG. You use your GPG passphrase for digitally signing email and decrypting messages, for using secure jabber chat sessions and for more general-purpose encryption. Each time you use the key, you need to type your passphrase. This can get annoying if you have to keep on doing this time and again, especially if you are sensibly paranoid and have a long, complicated passphrase.

Enter GPG-Agent, stage left.

If you’re running Debian, just “apt-get install gnupg-agent”. Then stick “use-agent” into ~/.gnupg/gpg.conf (older versions of gpg read ~/.gnupg/options instead; gpg 2.1 and later always use the agent and ignore the line). Next time you start X, the GPG agent will be activated (well, it is under Debian, probably other sensible distros too). You will get a prompt from a new ‘pinentry’ program for your passphrase the first time it is needed and then your passphrase will be cached. By default, it’s only cached for 10 minutes after its last use: to change this, put “default-cache-ttl N” in ~/.gnupg/gpg-agent.conf, where N is the number of seconds to cache for. There is also a hard ceiling, “max-cache-ttl” (default 7200 seconds), after which the agent forgets the passphrase no matter how recently it was used, so raise both if you want a long lifetime, and keep both short on a machine other people can get at.

Most graphical apps will use the agent automatically. For Mutt, a little more config is required: put “set pgp_use_gpg_agent” in ~/.muttrc and also “export GPG_TTY=`tty`” into ~/.bashrc. The second one is needed because gpg-agent runs as a separate process and cannot tell which terminal you are typing in; GPG_TTY is how pinentry learns where to draw its prompt when gpg is run from a terminal program.
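The agent setup above, gathered into one script as an added example (not code from the original post). It writes the two config files into a GnuPG home directory given as the first argument (normally ~/.gnupg) with owner-only permissions, and takes the cache lifetimes as optional arguments; the defaults are gpg-agent's own.

```shell
#!/bin/sh
# Added example, not code from the original post: lay down the gpg-agent
# configuration described above in a GnuPG home directory (argument 1,
# normally ~/.gnupg) with owner-only permissions.
set -e

# write_gpg_agent_config DIR [TTL] [MAXTTL]
write_gpg_agent_config() {
    dir=$1
    ttl=${2:-600}       # gpg-agent's own default: 10 minutes since last use
    maxttl=${3:-7200}   # gpg-agent's own default: 2 hours, absolute cap
    if [ "$ttl" -gt "$maxttl" ]; then
        echo "default-cache-ttl $ttl exceeds max-cache-ttl $maxttl; the agent will cap it" >&2
    fi
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p "$dir"
        chmod 700 "$dir"               # gpg warns about unsafe permissions otherwise
        # gpg 1.x reads use-agent from gpg.conf (very old builds: ~/.gnupg/options);
        # gpg 2.1+ always talks to the agent and ignores the line.
        grep -qs '^use-agent$' "$dir/gpg.conf" || echo 'use-agent' >> "$dir/gpg.conf"
        cat > "$dir/gpg-agent.conf" <<EOF
# seconds a cached passphrase survives after its last use
default-cache-ttl $ttl
# seconds after which it is dropped no matter how often it was used
max-cache-ttl $maxttl
EOF
    )
}

# agent_cache_ttl DIR -> the default-cache-ttl value in DIR/gpg-agent.conf
agent_cache_ttl() {
    awk '$1 == "default-cache-ttl" { print $2 }' "$1/gpg-agent.conf"
}

# Anything that runs gpg from a terminal (mutt, a plain shell) must tell
# pinentry which tty to draw on, since the agent cannot discover it itself:
#   export GPG_TTY=$(tty)     # goes in ~/.bashrc
```

Run it as “write_gpg_agent_config ~/.gnupg 1800 7200” for a 30-minute idle timeout under the default two-hour cap. Because the files are written under umask 077, the agent config never ends up world-readable, which matters less for the TTLs than for the habit: anything else you later drop into ~/.gnupg gets the same treatment.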

Works very, very nicely.

And, while we’re at it, how about some transparent handling of encryption when editing encrypted files with Vim?

Rather than doing:

gpg something.txt.gpg                    # prompts for the passphrase, writes something.txt
vim something.txt                        # edit the plaintext
gpg -er my-email-address something.txt   # -e encrypt, -r recipient: writes something.txt.gpg (asks before overwriting)
rm something.txt                         # easy to forget, and until then the plaintext sits on disk

wouldn’t it be nice just to do “vim something.txt.gpg”?

Install “vim-scripts” and copy /usr/share/vim-scripts/plugin/gnupg.vim to your ~/.vim/plugin directory. Next time you edit a file with a .gpg extension, you will automatically be prompted for the passphrase, the file will be decrypted on the fly, and you can edit it. When saving, the process is reversed, and the encrypted version of the file is written back to the disk. The plugin turns off Vim’s swap, backup and viminfo handling for that buffer, so the plaintext is held only in memory and nothing unencrypted is written to disk on the way; it can’t do anything about text you yank into the clipboard or paste elsewhere, and you still need a recipient key to re-encrypt to (it uses the one the file was encrypted to). If you just want to read the file without editing it, use “view something.txt.gpg” instead (‘view’ is the same as starting vim with the read-only flag ‘-R’).
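If the plugin isn’t to hand, the manual decrypt/edit/re-encrypt sequence can be made almost as safe. As an added example (not code from the original post or the gnupg.vim plugin), the script below keeps the plaintext in a private directory on a RAM-backed filesystem where one exists, tells vim not to leave swap, backup, undo or viminfo files behind, and scrubs the plaintext even if vim or gpg fails. It assumes gpg and vim are installed; the file and recipient names are arguments.

```shell
#!/bin/sh
# Added example, not from the original post: the decrypt / edit / re-encrypt
# sequence wrapped so the plaintext never reaches a persistent disk and is
# removed even on failure. Assumes gpg and vim are installed.
set -e

# private_tmpdir -> a fresh mode-0700 directory, in RAM-backed /dev/shm when present
private_tmpdir() {
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        mktemp -d /dev/shm/edit.XXXXXX
    else
        mktemp -d "${TMPDIR:-/tmp}/edit.XXXXXX"
    fi
}

# scrub FILE: overwrite in place with random bytes, then unlink.
# Best effort only: on SSDs and copy-on-write filesystems the old blocks may
# survive, which is why private_tmpdir prefers /dev/shm in the first place.
scrub() {
    [ -f "$1" ] || return 0
    size=$(( $(wc -c < "$1") ))
    dd if=/dev/urandom of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null || true
    rm -f "$1"
}

# edit_encrypted FILE.gpg RECIPIENT
edit_encrypted() {
    enc=$1
    rcpt=$2
    tmpd=$(private_tmpdir)
    plain="$tmpd/$(basename "$enc" .gpg)"
    # cleanup runs on normal exit, on error (set -e) and on Ctrl-C
    trap 'scrub "$plain"; rm -rf "$tmpd"' EXIT INT TERM
    gpg --quiet --decrypt --output "$plain" "$enc"
    # -n: no swapfile; -i NONE: no viminfo; the :set keeps backups and undo
    # files from being written next to the plaintext
    vim -n -i NONE -c 'set nobackup nowritebackup noundofile' "$plain"
    # --yes overwrites the existing .gpg without the interactive question
    gpg --quiet --yes --encrypt --recipient "$rcpt" --output "$enc" "$plain"
}
```

Usage: “edit_encrypted something.txt.gpg my-email-address”. The scrub step is what the manual sequence in the post silently skips; the trap is what makes it happen when the editor is killed halfway through rather than only on the happy path.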

Don’t you just love it when a plan comes together?