@nl5887
Last active November 14, 2022 09:37
Using GPG Agent on OS-X

launchctl unload -w -S Aqua /System/Library/LaunchAgents/gpg.agent.daemon.plist
launchctl load -w -S Aqua /System/Library/LaunchAgents/gpg.agent.daemon.plist

use-standard-socket
enable-ssh-support
default-cache-ttl 14400
max-cache-ttl 86400
#pinentry-program /usr/local/bin/pinentry-mac
log-file /var/log/gpg-agent.log
write-env-file /Users/remco/.gnupg/gpg-agent-info
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>gpg.agent.daemon</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/MacGPG2/bin/gpg-agent</string>
        <string>--daemon</string>
        <string>--options</string>
        <string>/Users/remco/.gnupg/gpg-agent.conf</string>
        <string>--enable-ssh-support</string>
        <string>--log-file</string>
        <string>/var/log/gpg-agent.log</string>
        <string>--write-env-file</string>
        <string>/Users/remco/.gnupg/gpg-agent-info</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SecureSocketWithKey</key>
            <string>SSH_AUTH_SOCK</string>
        </dict>
    </dict>
    <key>StandardOutPath</key>
    <string>/var/log/gpg-agent.stdout.log</string>
    <key>StandardErrorPath</key>
    <string>/var/log/gpg-agent.error.log</string>
    <!--
    <key>RunAtLoad</key>
    <true/>
    <key>EnableTransactions</key>
    <true/>
    -->
    <key>Umask</key>
    <integer>63</integer>
</dict>
</plist>

@mikegreiling

If the option --enable-ssh-support is used the auto-start mechanism does not work

If you're using GPG in place of ssh-agent, it looks like this solution (or some variation of it) is still necessary.

@drew1kun

drew1kun commented Jun 6, 2018

Has anyone succeeded in interchanging ssh-agent with gpg-agent on macOS (High Sierra here)? How would you guys set the SSH_AUTH_SOCK env var globally? Tried it with launchctl setenv:

$ launchctl setenv SSH_AUTH_SOCK ${HOME}/.gnupg/S.gpg-agent.ssh
$ launchctl getenv SSH_AUTH_SOCK
/Users/drew/.gnupg/S.gpg-agent.ssh

But then:

$ echo $SSH_AUTH_SOCK
/private/tmp/com.apple.launchd.IjNASGcnxM/Listeners

So it seems like the variable set with launchd is ignored...

@genevera

genevera commented Sep 3, 2019

Has anyone succeeded in interchanging ssh-agent with gpg-agent on macOS (High Sierra here)? How would you guys set the SSH_AUTH_SOCK env var globally? Tried it with launchctl setenv:

$ launchctl setenv SSH_AUTH_SOCK ${HOME}/.gnupg/S.gpg-agent.ssh
$ launchctl getenv SSH_AUTH_SOCK
/Users/drew/.gnupg/S.gpg-agent.ssh

But then:

$ echo $SSH_AUTH_SOCK
/private/tmp/com.apple.launchd.IjNASGcnxM/Listeners

So it seems like the variable set with launchd is ignored...

@drew-kun You'd need to start a new shell that doesn't overwrite that env var, IIRC.

     setenv key value
              Specify an environment variable to be set on all future processes launched by launchd in the
              caller's context.
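
An added example, not part of the gist or of any comment: a snippet for a shell startup file (~/.zshrc or ~/.bash_profile) covering the case discussed above, where a new shell still sees launchd's Listeners socket. The function names are hypothetical; gpgconf --list-dirs agent-ssh-socket assumes a recent GnuPG 2.x, with the thread's ~/.gnupg/S.gpg-agent.ssh path as the fallback.

```shell
# Added example, not the gist author's code. Function names are hypothetical.

# Classify what an SSH_AUTH_SOCK value points at, by path shape only.
auth_sock_kind() {
    case "$1" in
        "")                              echo unset ;;
        */com.apple.launchd.*/Listeners) echo launchd ;;    # macOS built-in ssh-agent
        */S.gpg-agent.ssh)               echo gpg-agent ;;
        *)                               echo other ;;
    esac
}

# Ask GnuPG where its ssh socket lives (assumes gpgconf knows the
# agent-ssh-socket key); otherwise use the path quoted in the thread.
gpg_ssh_sock_path() {
    p=""
    if command -v gpgconf >/dev/null 2>&1; then
        p=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null)
    fi
    echo "${p:-${HOME:-}/.gnupg/S.gpg-agent.ssh}"
}

# Trust a candidate only if it is a socket and owned by the current user.
# A plain file or a socket created by another account is rejected.
sock_is_usable() {
    [ -S "$1" ] && [ -O "$1" ]
}

# $1 = current SSH_AUTH_SOCK, $2 = gpg-agent candidate.
# Prints the candidate if usable, otherwise the current value unchanged.
pick_auth_sock() {
    if sock_is_usable "$2"; then
        echo "$2"
    else
        echo "$1"
    fi
}

# The socket exists only while gpg-agent runs with enable-ssh-support,
# so the launchd-provided value is kept when the agent is not up.
SSH_AUTH_SOCK="$(pick_auth_sock "${SSH_AUTH_SOCK:-}" "$(gpg_ssh_sock_path)")"
export SSH_AUTH_SOCK
```

Running auth_sock_kind "$SSH_AUTH_SOCK" in a new terminal shows whether the shell ended up with the launchd socket or the gpg-agent one.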

@fr-rose-steven

Confirming the first post still works on Mojave.

@laggardkernel

Totally outdated. It doesn't work at all.

@rsurjano

It doesn't work for me.
