How to use gpg signature key on a remote server?

Is there a way to use a gpg key on a remote server for signing with gpg (the command-line tool) on Linux?

I use gpg to sign binaries on localhost using test keys. Now I want to use the same type of keys that the server has access to. I am looking for an implementation that works by simply changing the arguments of the gpg tool.

+4
1 answer

You can do this with OpenSSH >= 6.7 and GnuPG >= 2.1.

OpenSSH 6.7 introduced unix socket forwarding, which will be used to forward the gpg-agent socket. And GnuPG 2.1 got rid of secring.gpg, delegating private key management to gpg-agent. This avoids the need to store the private key on the remote machine.

First you need to configure an additional socket on the local client. Add this line to your gpg-agent.conf:

extra-socket /path/to/extra-socket

Restart gpg-agent:

pkill gpg-agent
gpg-connect-agent /bye

Open an ssh connection to the remote server and remote-forward the gpg-agent socket back to the client (make sure that gpg-agent is not already running on the remote machine):

ssh -R ${GNUPGHOME:-~/.gnupg}/S.gpg-agent:/path/to/extra-socket remote-server

Note: GNUPGHOME refers to the gnupg home folder on the remote. If it is different from the local GNUPGHOME, you will have to adapt it.

[sentence lost in extraction; surviving fragment: "keyring"]

[sentence lost in extraction; surviving fragments: "pinentry (qt, gtk)", "gpg-agent.conf"]

[two sentences lost in extraction; surviving fragments: "OpenSSH", "OpenSSH"] In sshd_config:

StreamLocalBindUnlink yes

[start of sentence lost in extraction] script (.zlogout, .bash_logout, ...):

rm ${GNUPGHOME:-~/.gnupg}/S.gpg-agent
+3
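The steps in the answer above, wrapped into one script as an added example (this is not code from the original answer). It assumes GnuPG >= 2.1.13 locally so that `gpgconf --list-dirs agent-extra-socket` reports the extra socket (older 2.1 releases need the `extra-socket` line in gpg-agent.conf as described above); that `gpgconf --list-dirs agent-socket` on the remote gives the socket path the remote gpg will actually open (newer GnuPG puts it under /run/user/UID, not under GNUPGHOME as the answer's `ssh -R` line assumes); that the public half of the key is already in the remote keyring; and that the remote sshd has `StreamLocalBindUnlink yes`, since otherwise a stale S.gpg-agent from an earlier session makes the forward fail. The function names (`version_ge`, `build_forward_spec`, `remote_sign_cmd`, `sign_remote`) and the sample key id and file path in the usage are my own.

```shell
#!/bin/sh
# Added example, not part of the original answer: forward the local
# gpg-agent extra socket to a remote host and detach-sign a file there.
# Assumptions (mine, not the page's): GnuPG >= 2.1.13 locally, gpgconf on
# the remote, public key already in the remote keyring, and sshd on the
# remote configured with StreamLocalBindUnlink yes.
set -eu

# minor_of X: the minor number of "major.minor[.patch]", 0 if absent.
minor_of() { case "$1" in *.*) v=${1#*.}; printf '%s\n' "${v%%.*}" ;; *) printf '0\n' ;; esac; }

# version_ge A B: succeed if A >= B, comparing major.minor numerically
# (so 7.0 >= 6.7 holds, which a plain string compare would get wrong).
version_ge() {
    a_major=${1%%.*}; a_minor=$(minor_of "$1")
    b_major=${2%%.*}; b_minor=$(minor_of "$2")
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# The argument for ssh -R with unix sockets: <remote socket>:<local socket>.
build_forward_spec() { printf '%s:%s\n' "$1" "$2"; }

# The command run on the remote: detach-sign one file with the given key.
# Private-key operations travel over the forwarded socket to the local
# agent, so the pinentry prompt appears on the local machine.
remote_sign_cmd() { printf "gpg --batch --yes --detach-sign --local-user '%s' '%s'\n" "$1" "$2"; }

# Enforce the version requirement stated in the answer (OpenSSH 6.7, GnuPG 2.1).
check_versions() {
    ssh_ver=$(ssh -V 2>&1 | sed 's/^OpenSSH_\([0-9][0-9.]*\).*/\1/')
    gpg_ver=$(gpg --version | sed -n '1s/.* \([0-9][0-9.]*\)$/\1/p')
    version_ge "$ssh_ver" 6.7 || { echo "need OpenSSH >= 6.7, have $ssh_ver" >&2; return 1; }
    version_ge "$gpg_ver" 2.1 || { echo "need GnuPG >= 2.1, have $gpg_ver" >&2; return 1; }
}

# usage: sign_remote <host> <key id> <path of the file on the remote>
sign_remote() {
    host=$1; key_id=$2; file=$3
    check_versions
    local_sock=$(gpgconf --list-dirs agent-extra-socket)
    gpg-connect-agent /bye >/dev/null              # make sure the local agent is running
    # Stop any agent on the remote: gpg there must talk to our forwarded
    # socket, not to an agent that has no key material.
    ssh "$host" 'gpgconf --kill gpg-agent'
    remote_sock=$(ssh "$host" 'gpgconf --list-dirs agent-socket')
    ssh -R "$(build_forward_spec "$remote_sock" "$local_sock")" "$host" \
        "$(remote_sign_cmd "$key_id" "$file")"
    # sshd does not unlink the socket on disconnect; clean up as the answer's
    # logout-script variant does, so the next forward can bind again.
    ssh "$host" "rm -f '$remote_sock'"
}

# Example invocation (hypothetical host, key id and path):
#   sh sign_remote.sh build-host 0xDEADBEEF /srv/releases/app-1.0.tar.gz
[ $# -eq 3 ] && sign_remote "$@"
```

The client-side `StreamLocalBindUnlink` option only affects sockets the client binds (`-L`); for `-R` the bind happens in sshd, so the setting has to be in the remote sshd_config, exactly as the answer says. The check that the remote socket path comes from `gpgconf` rather than from `${GNUPGHOME}/S.gpg-agent` matters on GnuPG 2.1.13+, where an agent started on the remote would otherwise ignore the forwarded socket under the home directory.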
