I use public-key based access for a number of things and gpg-agent is a useful way to avoid having to repeatedly type the passphrases needed to unlock the private keys. The agent prompts you for the passphrase and then uses the unlocked keys for a user-determined time period. For a number of reasons it is a "good thing" if this prompting happens in a different interface from the one where the key is being used. In an X window environment this is done by the pinentry-gtk avatar of pinentry, which pops up a new window.

However, I use screen to multiplex operations within a single terminal session, often without an X session. It used to bother me that I could not get pinentry-curses to pop up in a different window. No more ;). Here is a hack that seems to work.

(1) Decide on some location like $HOME/.gnupg/pin-tty and assign it to the variable PINTTY.
(2) Use the additional options
(3) Start a screen window with the command
    screen -M -t pin socat -,raw,echo=0 PTY,link=$PINTTY

Now every time a program asks gpg-agent to use a secret key, it will invoke pinentry-curses, which will connect to the pin window under screen; the latter will warn you that something is asking for a passphrase.

It would be nice if one did not have to invoke socat and screen could do step (3) directly.

Is there any way to integrate the use of openvpn when the latter uses SSL keys?

There may be some security issues with such use! I can't see any at the moment but I may be wrong. :-(
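
One part of that caveat can be checked mechanically: the passphrase is read from the PTY behind $PINTTY, so neither the link nor the device should be reachable by other users. The following is an added example, not part of the original post; it assumes GNU stat, and the function names check_pin_tty and perm_ok are invented here.

```shell
#!/bin/sh
# Added example: sanity-check the PTY link used for passphrase prompts.
# Assumes GNU stat; check_pin_tty and perm_ok are names invented here.

# perm_ok MODE MASK: succeed if none of the octal MASK bits are set in MODE.
perm_ok() {
    [ $(( 0$1 & 0$2 )) -eq 0 ]
}

# check_pin_tty PATH: print each problem found, return 1 if there is any.
check_pin_tty() {
    link=$1
    dir=$(dirname -- "$link")
    me=$(id -u)
    bad=0

    # The directory holds the link: anyone who can write there can
    # repoint the link at a terminal they control.
    if [ "$(stat -c %u -- "$dir")" != "$me" ] ||
       ! perm_ok "$(stat -c %a -- "$dir")" 077; then
        echo "directory $dir must be yours, with no group/other access"
        bad=1
    fi

    # socat's link= option creates a symlink to the slave side of the PTY.
    if [ ! -L "$link" ] || [ ! -c "$link" ]; then
        echo "$link is not a symlink to a character device"
        return 1
    fi

    # The passphrase is read from this device, so nobody else may read it.
    if [ "$(stat -L -c %u -- "$link")" != "$me" ]; then
        echo "$link target is not owned by uid $me"
        bad=1
    fi
    # 046 = group read, other read, other write.
    if ! perm_ok "$(stat -L -c %a -- "$link")" 046; then
        echo "$link target is readable or world-writable by other users"
        bad=1
    fi
    return $bad
}
```

Run `check_pin_tty "$PINTTY"` after step (3), while the pin window is open; no output and a zero exit status mean the four checks passed.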