Ok, I figured out the cause of the problem I was having. As is indicated in your message, one must have the corresponding public keys in the remote keyring before the secret keys from the forwarded gpg-agent are listed as available.
Thank you Thomas. I hope others will find this useful.

On 10/18/2016 12:58 PM, Thomas Glanzmann wrote:
> Hello Kevin,
>
>> Thanks for the advice. But as I mentioned, I tried using GnuPG 2.1.15
>> on the target machine as well (via the packages in Debian sid), and
>> this did not work. gpg2 is simply not speaking to the forwarded
>> gpg-agent socket, however gpg-connect-agent can. Any other ideas?
> Check your configuration (gpg-agent.conf and gpg.conf). You have to put
> these two files on the remote and local machine. Also understand how gpg
> 2.1.x interacts with gnupg from the diagram below. Enable debugging in
> the gpg agent.
>
> Forward GPG socket
> ------------------
> # On the server
> echo 'StreamLocalBindUnlink yes' >> /etc/ssh/sshd_config
> sudo /etc/init.d/ssh restart
>
> # On the client
> ssh -R /home/sithglan/.gnupg/S.gpg-agent:/home/sithglan/.gnupg/S.gpg-agent-extra gmvl.de
>
> List secret keys
> ----------------
> gpg-connect-agent "keyinfo --list" /bye
>
> GPG Agent Configuration
> -----------------------
> .gnupg/gpg-agent.conf
> pinentry-program /usr/bin/pinentry
> extra-socket /home/sithglan/.gnupg/S.gpg-agent-extra
> enable-ssh-support
> default-cache-ttl 600
> max-cache-ttl 7200
> keep-tty
> keep-display
> # debug-level guru
> # debug-all
> # log-file /tmp/gpg-agent.log
>
> Remote GPG Setup
> ----------------
> # Caution: make a backup first
> rm .gnupg/secring* .gnupg/pubring* .gnupg/private-keys-v1.d/*
> # For every public key
> gpg2 --recv-key 0x9D106472D6D50DBA
> gpg2 --recv-key 0x03BF970657E19B02
>
> # After that private keys should be listed
> gpg2 -K
>
> cat <<EOF > .gnupg/gpg.conf
> keyserver hkps://hkps.pool.sks-keyservers.net
> keyserver-options no-honor-keyserver-url
> cert-digest-algo SHA512
> no-greeting
> lock-once
> default-key 1DD3BBDC897A94CD03F451B09D106472D6D50DBA
> encrypt-to 1DD3BBDC897A94CD03F451B09D106472D6D50DBA
> keyid-format 0xlong
> use-agent
> with-fingerprint
> quiet
> default-recipient-self
> no-secmem-warning
> keyserver-options auto-key-retrieve
> no-auto-check-trustdb
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
> EOF
>
> GNUPG Interaction
> -----------------
>
> Here are steps and the interaction.
>
> (1) here are the processes
>     [gpgme]----[gpg]====[gpg-agent]----[scdaemon]
>                      ^--- possibly by forwarded socket
>
> (2) A client program (Mutt, in your case) asks decryption through gpgme
>         decrypt
>     [gpgme]--->[gpg]----[gpg-agent]----[scdaemon]
>
> (3) it goes to scdaemon
>                   decrypt
>     [gpgme]----[gpg]--->[gpg-agent]----[scdaemon]
>
>                              decrypt
>     [gpgme]----[gpg]----[gpg-agent]--->[scdaemon]
>
> (4) if the token is not authenticated yet,
>     scdaemon asks a user PIN back through gpg-agent
>                              "PIN please"
>     [gpgme]----[gpg]----[gpg-agent]<---[scdaemon]
>
> (5) Then, gpg-agent invokes pinentry.
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]
>                              |
>                [pinentry]<---/
>
> (6) pinentry pops up GUI dialog window to user.
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]
>                              |
>     User <----[pinentry]----/
>
> (7) User inputs PIN by the dialog.
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]
>                              |
>     User ---->[pinentry]----/
>          PIN
>
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]
>                              ^
>               [pinentry]----/
>                    PIN
>
>                                PIN
>     [gpgme]----[gpg]----[gpg-agent]--->[scdaemon]
>
> (8) scdaemon sends the pin to the token to authenticate.
>                                                  PIN
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]-->[token]
>
> (9) Token is ready to decrypt, now.
>     scdaemon sends encrypted message to the token.
>                                                  decrypt
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]-->[token]
>
> (10) token replies back by decrypted message.... to gpgme.
>                                                  decrypted
>     [gpgme]----[gpg]----[gpg-agent]----[scdaemon]<--[token]
>
>                              decrypted
>     [gpgme]----[gpg]----[gpg-agent]<---[scdaemon]
>
>                   decrypted
>     [gpgme]----[gpg]<---[gpg-agent]----[scdaemon]
>
>         decrypted
>     [gpgme]<---[gpg]----[gpg-agent]----[scdaemon]
>
> Cheers,
>         Thomas
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
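The procedure in the thread (forward the agent's extra socket with `ssh -R`, then import the public keys on the remote before `gpg -K` will list anything) as an added example; this is not code from the thread or from the GnuPG project. It assumes GnuPG 2.1.13 or later on both ends so that `gpgconf --list-dirs agent-extra-socket` and `gpgconf --list-dirs agent-socket` are available, and that the remote sshd already has `StreamLocalBindUnlink yes`; host names, paths and the sample keygrips and key records are constructed. The offline part, `missing_pubkeys`, compares the keygrips the forwarded agent reports (from `gpg-connect-agent "keyinfo --list" /bye`) with the keygrips in the remote public keyring (from `gpg --with-colons --with-keygrip -k`), which is the check Kevin's fix amounts to.

```shell
#!/bin/sh
# Added example, not code from the thread or from GnuPG: forward a local
# gpg-agent to a remote host and, on the remote side, explain why `gpg -K`
# shows nothing although the forwarded agent answers.
# Assumptions: GnuPG >= 2.1.13 on both ends (gpgconf knows
# agent-extra-socket / agent-socket); remote sshd has StreamLocalBindUnlink.
# Host names, paths and all sample data below are constructed.
set -eu

# ssh -R spec: the remote agent socket path (what remote gpg connects to) is
# bound to the local agent's *extra* (restricted) socket, never the full one.
forward_spec() {
    printf '%s:%s\n' "$1" "$2"   # $1 remote agent-socket, $2 local extra-socket
}

# Keygrips the forwarded agent answers for, parsed from the Assuan reply to
# `gpg-connect-agent "keyinfo --list" /bye` ("S KEYINFO <keygrip> ..." lines).
agent_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" { print $3 }'
}

# Keygrips of public keys in the remote keyring, parsed from
# `gpg --with-colons --with-keygrip -k` (grp records, keygrip in field 10).
pubring_keygrips() {
    awk -F: '$1 == "grp" { print $10 }'
}

# Keygrips the agent offers that have no public key in the keyring. Those are
# exactly the secret keys `gpg -K` will not list until the matching public key
# is imported (gpg --recv-key / gpg --import).
missing_pubkeys() {
    agent=$(printf '%s\n' "$1" | agent_keygrips)
    have=" $(printf '%s\n' "$2" | pubring_keygrips | tr '\n' ' ') "
    for g in $agent; do
        case "$have" in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# Constructed sample data (not real keys): the agent reports two keygrips,
# the remote pubring holds the public key for only the first one.
SAMPLE_KEYINFO='S KEYINFO 1E6D8B4F3C2A9D0E7B5A4C3D2E1F0A9B8C7D6E5F D - - - P - - -
S KEYINFO 9F8E7D6C5B4A39281706F5E4D3C2B1A091827364 D - - - P - - -
OK'
SAMPLE_PUBRING='pub:u:4096:1:0123456789ABCDEF:1476800000:::u:::scESC::::::23::0:
fpr:::::::::00112233445566778899AABBCCDDEEFF01234567:
grp:::::::::1E6D8B4F3C2A9D0E7B5A4C3D2E1F0A9B8C7D6E5F:
uid:u::::1476800000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:'

# Remote side, live: print keygrips the forwarded agent offers but the local
# keyring lacks. Empty output means `gpg -K` should now list the keys.
remote_check() {
    missing_pubkeys "$(gpg-connect-agent 'keyinfo --list' /bye)" \
                    "$(gpg --with-colons --with-keygrip -k 2>/dev/null || true)"
}

# Client side, live: forward the agent to "$1". Run as `sh thisfile host`;
# without an argument only the functions above are defined.
if [ "$#" -ge 1 ]; then
    host=$1
    local_extra=$(gpgconf --list-dirs agent-extra-socket)
    remote_sock=$(ssh "$host" gpgconf --list-dirs agent-socket)
    # ExitOnForwardFailure turns a stale remote socket (sshd without
    # StreamLocalBindUnlink) into a hard error instead of a silent non-forward.
    exec ssh -o ExitOnForwardFailure=yes \
        -R "$(forward_spec "$remote_sock" "$local_extra")" "$host"
fi
```

On the remote, `remote_check` printing a keygrip tells you which public key is still missing; `gpg --with-keygrip -k` on the client maps that keygrip back to a fingerprint you can `--recv-key` or export and import on the remote.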