GPG-AGENT(1) GNU Privacy Guard 2.2 GPG-AGENT(1)
NAME
gpg-agent - Secret key management for GnuPG
SYNOPSIS
gpg-agent [--homedir dir] [--options file] [options]
gpg-agent [--homedir dir] [--options file] [options] --server
gpg-agent [--homedir dir] [--options file] [options] --daemon [command_line]
DESCRIPTION
gpg-agent is a daemon to manage secret (private) keys independently
from any protocol. It is used as a backend for gpg and gpgsm as well
as for a couple of other utilities.
The agent is automatically started on demand by gpg, gpgsm, gpgconf, or
gpg-connect-agent. Thus there is no reason to start it manually. In
case you want to use the included Secure Shell Agent you may start the
agent using:
gpg-connect-agent /bye
If you want to manually terminate the currently-running agent, you can
safely do so with:
gpgconf --kill gpg-agent
You should always add the following lines to your .bashrc or whatever
initialization file is used for all shell invocations:
GPG_TTY=$(tty)
export GPG_TTY
It is important that this environment variable always reflects the output
of the tty command. For W32 systems this option is not required.
Please make sure that a proper pinentry program has been installed under
the default filename (which is system dependent) or use the option
pinentry-program to specify the full name of that program. It is often
useful to install a symbolic link from the actual used pinentry (e.g.
'/usr/bin/pinentry-gtk') to the expected one (e.g. '/usr/bin/pinentry').
COMMANDS
Commands are not distinguished from options except for the fact that
only one command is allowed.
--version
Print the program version and licensing information. Note that
you cannot abbreviate this command.
--help
-h
Print a usage message summarizing the most useful command-line
options. Note that you cannot abbreviate this command.
--dump-options
Print a list of all available options and commands. Note that
you cannot abbreviate this command.
--server
Run in server mode and wait for commands on the stdin. The default
mode is to create a socket and listen for commands there.
--daemon [command line]
Start the gpg-agent as a daemon; that is, detach it from the
console and run it in the background.
As an alternative you may create a new process as a child of
gpg-agent: gpg-agent --daemon /bin/sh. This way you get a new
shell with the environment setup properly; after you exit from
this shell, gpg-agent terminates within a few seconds.
--supervised
Run in the foreground, sending logs by default to stderr, and
listening on provided file descriptors, which must already be
bound to listening sockets. This command is useful when running
under systemd or other similar process supervision schemes.
This option is not supported on Windows.
In --supervised mode, different file descriptors can be provided
for use as different socket types (e.g. ssh, extra) as long as
they are identified in the environment variable LISTEN_FDNAMES
(see sd_listen_fds(3) on some Linux distributions for more
information on this convention).
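The LISTEN_FDNAMES convention referred to above, as an added Python example (not part of the gpg-agent documentation or source): it lists which socket type each inherited descriptor is labelled as, which is what to check before relying on a supervised setup. The environment values are constructed, the function name is hypothetical, and raising on a name/count mismatch is this example's choice.

```python
import os

SD_LISTEN_FDS_START = 3  # sd_listen_fds(3): passed descriptors start at fd 3


def supervised_sockets(environ, pid):
    """Return [(fd, name)] for the descriptors a supervisor passed to `pid`.

    An empty list means nothing was passed to this process.
    """
    # LISTEN_PID names the intended recipient; values inherited from a
    # parent process must not be acted on.
    if environ.get("LISTEN_PID") != str(pid):
        return []
    try:
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    if count <= 0:
        return []
    raw = environ.get("LISTEN_FDNAMES")
    if raw is None:
        # No names supplied: the socket types cannot be told apart.
        names = ["unknown"] * count
    else:
        names = raw.split(":")
        if len(names) != count:
            raise ValueError(
                f"LISTEN_FDNAMES has {len(names)} names for {count} descriptors"
            )
    return [(SD_LISTEN_FDS_START + i, name) for i, name in enumerate(names)]


# Constructed environment: two sockets labelled with the types named on this page.
SAMPLE_ENV = {"LISTEN_PID": "4242", "LISTEN_FDS": "2", "LISTEN_FDNAMES": "ssh:extra"}

if __name__ == "__main__":
    for fd, name in supervised_sockets(SAMPLE_ENV, 4242):
        print(f"fd {fd}: {name}")
    # The same check against the real environment of the current process.
    print("this process:", supervised_sockets(os.environ, os.getpid()))
```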
OPTIONS
Options may either be used on the command line or, after stripping off
the two leading dashes, in the configuration file.
--options file
Reads configuration from file instead of from the default per-
user configuration file. The default configuration file is
named 'gpg-agent.conf' and expected in the '.gnupg' directory
directly below the home directory of the user. This option is
ignored if used in an options file.
--homedir dir
Set the name of the home directory to dir. If this option is not
used, the home directory defaults to '~/.gnupg'. It is only
recognized when given on the command line. It also overrides
any home directory stated through the environment variable
'GNUPGHOME' or (on Windows systems) by means of the Registry entry
HKCU\Software\GNU\GnuPG:HomeDir.
On Windows systems it is possible to install GnuPG as a portable
application. In this case only this command line option is considered,
all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows, create
an empty file named 'gpgconf.ctl' in the same directory as the
tool 'gpgconf.exe'. The root of the installation is then that
directory; or, if 'gpgconf.exe' has been installed directly below
a directory named 'bin', its parent directory. You also
need to make sure that the following directories exist and are
writable: 'ROOT/home' for the GnuPG home and
'ROOT/var/cache/gnupg' for internal cache files.
-v
--verbose
Outputs additional information while running. You can increase
the verbosity by giving several verbose commands to gpg-agent,
such as '-vv'.
-q
--quiet
Try to be as quiet as possible.
--batch
Don't invoke a pinentry or do any other thing requiring human
interaction.
--faked-system-time epoch
This option is only useful for testing; it sets the system time
back or forth to epoch which is the number of seconds elapsed
since the year 1970.
--debug-level level
Select the debug level for investigating problems. level may be
a numeric value or a keyword:
none
No debugging at all. A value of less than 1 may be used
instead of the keyword.
basic
Some basic debug messages. A value between 1 and 2 may
be used instead of the keyword.
advanced
More verbose debug messages. A value between 3 and 5 may
be used instead of the keyword.
expert
Even more detailed messages. A value between 6 and 8 may
be used instead of the keyword.
guru
All of the debug messages you can get. A value greater
than 8 may be used instead of the keyword. The creation
of hash tracing files is only enabled if the keyword is
used.
How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They are
however carefully selected to best aid in debugging.
--debug flags
This option is only useful for debugging and the behavior may
change at any time without notice. FLAGS are bit encoded and
may be given in usual C-Syntax. The currently defined bits are:
0 (1) X.509 or OpenPGP protocol related data
1 (2) values of big number integers
2 (4) low level crypto operations
5 (32) memory allocation
6 (64) caching
7 (128) show memory statistics
9 (512) write hashed data to files named dbgmd-000*
10 (1024) trace Assuan protocol
12 (4096) bypass all certificate validation
--debug-all
Same as --debug=0xffffffff
--debug-wait n
When running in server mode, wait n seconds before entering the
actual processing loop and print the pid. This gives time to
attach a debugger.
--debug-quick-random
This option inhibits the use of the very secure random quality
level (Libgcrypt's GCRY_VERY_STRONG_RANDOM) and degrades all requests
down to standard random quality. It is only used for
testing and should not be used for any production quality keys.
This option is only effective when given on the command line.
On GNU/Linux, another way to quickly generate insecure keys is
to use rngd to fill the kernel's entropy pool with lower quality
random data. rngd is typically provided by the rng-tools package.
It can be run as follows: 'sudo rngd -f -r /dev/urandom'.
--debug-pinentry
This option enables extra debug information pe.
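An added Python example (not code from GnuPG) that audits the text of a gpg-agent.conf for the debug options described above: it decodes a --debug value with the bit table from this page and reports debug-level guru and debug-quick-random. The function names, the choice of bits 9 and 12 as the ones to flag, and the sample configuration are assumptions of this example.

```python
import re

# Bit positions and meanings exactly as listed under --debug on this page.
DEBUG_BITS = {
    0: "X.509 or OpenPGP protocol related data",
    1: "values of big number integers",
    2: "low level crypto operations",
    5: "memory allocation",
    6: "caching",
    7: "show memory statistics",
    9: "write hashed data to files named dbgmd-000*",
    10: "trace Assuan protocol",
    12: "bypass all certificate validation",
}
RISKY_BITS = {9, 12}  # this example's choice of bits to flag for review


def parse_c_int(text):
    """Parse an integer in C syntax: 0x.. hex, leading-0 octal, else decimal."""
    t = text.strip().lower()
    if re.fullmatch(r"0x[0-9a-f]+", t):
        return int(t, 16)
    if re.fullmatch(r"0[0-7]+", t):
        return int(t, 8)
    if re.fullmatch(r"0|[1-9][0-9]*", t):
        return int(t, 10)
    raise ValueError(f"not a C-syntax integer: {text!r}")


def decode_debug(value):
    """Return (known, unknown): defined bits set in value, undefined bit numbers."""
    known = {b: DEBUG_BITS[b] for b in DEBUG_BITS if (value >> b) & 1}
    unknown = [b for b in range(value.bit_length())
               if (value >> b) & 1 and b not in DEBUG_BITS]
    return known, unknown


def audit_conf(text):
    """Return [(line_no, option, note)] for debug options in gpg-agent.conf text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Config files carry the option name without the two leading dashes.
        parts = line.split(None, 1)
        name = parts[0]
        arg = parts[1].strip() if len(parts) > 1 else ""
        if name in ("debug", "debug-all"):
            # The page defines --debug-all as --debug=0xffffffff.
            value_text = "0xffffffff" if name == "debug-all" else arg
            try:
                known, unknown = decode_debug(parse_c_int(value_text))
            except ValueError as exc:
                findings.append((n, name, str(exc)))
                continue
            for bit in sorted(known):
                tag = "RISK" if bit in RISKY_BITS else "info"
                findings.append((n, name, f"{tag} bit {bit}: {known[bit]}"))
            if unknown:
                findings.append((n, name, f"info undefined bits: {unknown}"))
        elif name == "debug-level" and arg == "guru":
            findings.append((n, name, "RISK guru keyword enables hash tracing files"))
        elif name == "debug-quick-random":
            findings.append((n, name, "info only effective on the command line"))
    return findings


# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# constructed sample
pinentry-program /usr/bin/pinentry
debug 0x1240
debug-level guru
debug-quick-random
"""

if __name__ == "__main__":
    for line_no, option, note in audit_conf(SAMPLE_CONF):
        print(f"line {line_no}: {option}: {note}")
```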
GnuPG 2.2.40 2022-10-07 GPG-AGENT(1)