I only use gpg in the context of pass.
However, to make the gpg key stay unlocked for longer so pass prompts less, I configure gpg as follows:
~/.gnupg/gpg-agent.conf:
default-cache-ttl 28800
max-cache-ttl 28800
Then reload the config as follows:
$ gpgconf --kill gpg-agent
This keeps your gpg key unlocked for 8 hours (8 hours * 60 minutes / hour * 60 seconds / minute).
The other reason I interact with gpg directly is to export and import my secret key.
Here’s what I use to export:
$ gpg --export-secret-keys --armor > gpg.txt
And to import (after copying to the new device):
$ gpg --import gpg.txt
# (it will prompt for you to unlock the key here)
...
gpg: secret keys imported: 1
You’ll also have to trust it:
$ gpg --edit-key razzi@abuissa.net
...
gpg> trust
...
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
After you’ve imported the gpg key it’s a good idea to remove gpg.txt.
I also have an expect script for automating the trusting of the key, trust_gpg.exp:
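# Key to trust (user ID, e-mail or fingerprint), passed as the first argument.
set key_name [lindex $argv 0];
if { $key_name eq "" } {
    puts "Usage: expect trust_gpg.exp KEYNAME"
    exit 1
}
# Drive the interactive gpg --edit-key session.
spawn gpg --edit-key $key_name
expect "gpg> "
send "trust\n"
# 5 is the "ultimate" choice in the trust menu.
expect "Your decision? "
send "5\n"
expect "Do you really want to set this key to ultimate trust? (y/N) "
send "y\n"
expect "gpg> "
send "quit\n"
expect eof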
It can be invoked with:
$ expect trust_gpg.exp razzi@abuissa.net
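A non-interactive alternative to the expect script above, added here as an example and not part of the original post: it sets the same ultimate trust through gpg --import-ownertrust instead of driving the prompts. The function names and the sample listing are constructed for illustration, and the script assumes a gpg 2.1 or later colon listing, where fingerprints are printed by default.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of `gpg --with-colons --list-secret-keys` output
# (made-up key IDs and fingerprints), used to exercise the parser offline.
SAMPLE_LISTING='sec:u:255:22:0123456789ABCDEF:1700000000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:255:18:FEDCBA9876543210:1700000000::::::e:::+:::23:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCFEDCBA9876543210:'

# Read a colon-format key listing on stdin; print "FINGERPRINT:6:" for each
# primary secret key. In ownertrust records 6 means ultimate (the interactive
# trust menu shows the same level as choice 5). Subkey fingerprints are skipped.
ownertrust_lines() {
    awk -F: '
        $1 == "sec" { primary = 1; next }
        $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary { print $10 ":6:"; primary = 0 }
    '
}

# Give ultimate trust to exactly one key that we hold the secret key for.
trust_ultimately() {
    key_name=$1
    if [ -z "$key_name" ]; then
        echo "Usage: trust_ultimately KEYNAME" >&2
        return 1
    fi
    lines=$(gpg --batch --with-colons --list-secret-keys "$key_name" | ownertrust_lines)
    # Refuse when nothing matches or when the name is ambiguous.
    if [ "$(printf '%s\n' "$lines" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one secret key for '$key_name'" >&2
        return 1
    fi
    printf '%s\n' "$lines" | gpg --batch --import-ownertrust
}

# Usage: trust_ultimately razzi@abuissa.net
```

Because it only considers keys listed by --list-secret-keys, it cannot mark someone else's public key as ultimately trusted by accident.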