
    Commands

      Show public keys

      Export public key

      Import public key

    Agent

      Show socket locations

      Forwarding

        Setup on the remote server

        Setup on the local machine

Commands

Show public keys

$ gpg --list-keys
/home/racke/.gnupg/pubring.kbx
------------------------------
pub   rsa4096 2015-03-07 [SC]
      D6814975A277774C98D0DFEF5B93015BFA2720F8
uid           [ unknown] Stefan Hornburg (Racke) <racke@linuxia.de>
sub   rsa4096 2015-03-07 [E]

Export public key

$ gpg --armor --export racke@linuxia.de > racke.asc

Import public key

$ gpg --import racke.asc
gpg: key 5B93015BFA2720F8: public key "Stefan Hornburg (Racke) <racke@linuxia.de>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Agent

Show socket locations

$ gpgconf --list-dir agent-socket
/run/user/1000/gnupg/S.gpg-agent
$ gpgconf --list-dir agent-extra-socket
/run/user/1000/gnupg/S.gpg-agent.extra

Forwarding

GnuPG agent forwarding is similar to SSH agent forwarding and lets you use your private key on remote servers.

Typical use cases are signing Git commits or Debian packages.

Setup on the remote server

Ensure that GnuPG is installed on the remote server.

Import your public key as shown above.

You also need to prevent GnuPG from starting its own agent when you use it on the remote host. To do this, disable agent autostart in ~/.gnupg/gpg.conf on the remote server:

# prevent start of local GnuPG agent
no-autostart

Setup on the local machine

Forwarding is configured in the SSH configuration file (~/.ssh/config):

Host build.linuxia.de
RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra

The RemoteForward directive takes the remote socket first, followed by the local (extra) socket.
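
The socket paths contain the numeric user ID, so they can differ between machines and between the two ends of the connection. The following script is an added example, not part of the original page: it builds the stanza from the paths reported by gpgconf and refuses to forward the main agent socket in place of the extra one. The function name gpg_forward_stanza is hypothetical, and the script assumes gpgconf is installed on both ends.

```sh
#!/bin/sh
# Added example (not from the original page); gpg_forward_stanza is a
# hypothetical helper name.
#
# gpg_forward_stanza HOST REMOTE_SOCKET LOCAL_EXTRA_SOCKET [LOCAL_MAIN_SOCKET]
# Prints the ~/.ssh/config stanza. Returns non-zero without printing when
# the arguments would give an unusable or over-privileged forward.
gpg_forward_stanza() {
    host=$1 remote=$2 extra=$3 main=${4:-}
    if [ -z "$host" ] || [ -z "$remote" ] || [ -z "$extra" ]; then
        echo "usage: gpg_forward_stanza HOST REMOTE_SOCKET LOCAL_EXTRA_SOCKET [LOCAL_MAIN_SOCKET]" >&2
        return 2
    fi
    # Both sockets must be absolute paths without spaces, because the
    # stanza below writes them unquoted.
    for p in "$remote" "$extra"; do
        case $p in
            *" "*|[!/]*) echo "bad socket path: $p" >&2; return 1 ;;
        esac
    done
    # The extra socket accepts only a restricted command set. Forwarding the
    # main socket instead would give the remote host full access to the agent.
    if [ -n "$main" ] && [ "$extra" = "$main" ]; then
        echo "refusing to forward the main agent socket: $extra" >&2
        return 1
    fi
    printf 'Host %s\n    RemoteForward %s %s\n' "$host" "$remote" "$extra"
}

# When run with a host name, query both ends and print the stanza:
#   sh gpg-forward.sh build.linuxia.de
if [ "$#" -eq 1 ]; then
    remote_socket=$(ssh "$1" gpgconf --list-dir agent-socket) || exit 1
    gpg_forward_stanza "$1" "$remote_socket" \
        "$(gpgconf --list-dir agent-extra-socket)" \
        "$(gpgconf --list-dir agent-socket)"
fi
```

Review the printed stanza before appending it to ~/.ssh/config.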