@colemickens
Last active September 11, 2020 09:00
##
## No local secret keys
##
$ gpg --list-secret-keys
/home/cole/.gnupg/pubring.kbx
-----------------------------
sec# rsa4096/0x9758078DE5308308 2018-03-21 [C]
Key fingerprint = 8A94 ED58 A476 A13A E0D6 E85E 9758 078D E530 8308
uid [ultimate] Cole Mickens <cole.mickens@gmail.com>
ssb> rsa4096/0xB475C2955744A019 2018-05-22 [S]
ssb> rsa4096/0x62556A61E301DC21 2018-05-22 [E]
ssb> rsa4096/0x22A2E663A5416DE5 2018-05-22 [A]
# see, only stubs! private keys are on the yubikey
##
## Determine local and remote paths
##
$ lpath=$(gpgconf --list-dirs agent-extra-socket)
$ rpath=$(ssh cole@192.168.1.155 gpgconf --list-dirs agent-socket)
##
## Try to decrypt a test file without forwarding gpg-agent socket
##
$ ssh cole@192.168.1.155 gpg -d /tmp/test.txt.gpg
gpg: WARNING: unsafe permissions on homedir '/home/cole/.gnupg'
gpg: encrypted with 4096-bit RSA key, ID 0x62556A61E301DC21, created 2018-05-22
"Cole Mickens <cole.mickens@gmail.com>"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key
##
## Now try again (successfully), with gpg-agent available.
##
$ ssh -o "RemoteForward $rpath:$lpath" -A cole@192.168.1.155 gpg -d /tmp/test.txt.gpg
gpg: WARNING: unsafe permissions on homedir '/home/cole/.gnupg'
gpg: encrypted with 4096-bit RSA key, ID 0x62556A61E301DC21, created 2018-05-22
"Cole Mickens <cole.mickens@gmail.com>"
this is a test
# success
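
An added example, not part of the original gist: a shell helper that turns the two socket paths determined above into a persistent `~/.ssh/config` entry and refuses to forward anything other than the agent's restricted extra socket. The alias `gpgbox`, the function names and the default socket file names (`S.gpg-agent.extra`, `S.gpg-agent`) are assumptions.

```shell
# Added example, not from the gist. Assumes GnuPG's default socket file names.
# Usage (gpgbox is a hypothetical alias; lpath/rpath as determined above):
#   forward_stanza gpgbox cole@192.168.1.155 "$lpath" "$rpath" >> ~/.ssh/config

# True only for an absolute path to gpg-agent's restricted "extra" socket.
is_extra_socket() {
    case "$1" in
        /*/S.gpg-agent.extra) return 0 ;;
        *) return 1 ;;
    esac
}

# forward_stanza NAME USER@HOST LOCAL_SOCKET REMOTE_SOCKET
# Prints a Host block for ~/.ssh/config, or fails with a reason on stderr.
# The body runs in a subshell so its variables do not leak to the caller.
forward_stanza() (
    name=$1 target=$2 lpath=$3 rpath=$4
    user=${target%%@*}
    host=${target#*@}

    # Whitespace would split the RemoteForward arguments in ssh_config.
    case "$name$target$lpath$rpath" in
        *[[:space:]]*) echo "whitespace in argument" >&2; exit 2 ;;
    esac
    case "$target" in
        ?*@?*) ;;
        *) echo "target must be user@host" >&2; exit 2 ;;
    esac
    # Forward only the extra socket, which accepts a restricted command set;
    # the main agent socket would expose the whole agent to the remote host.
    if ! is_extra_socket "$lpath"; then
        echo "refusing: $lpath is not agent-extra-socket" >&2; exit 3
    fi
    # The remote end must be the path where the remote gpg looks for its agent.
    case "$rpath" in
        /*/S.gpg-agent) ;;
        *) echo "remote path is not an agent-socket path" >&2; exit 4 ;;
    esac

    printf 'Host %s\n    HostName %s\n    User %s\n' "$name" "$host" "$user"
    # ssh_config form: listening (remote) socket first, local socket second.
    printf '    RemoteForward %s %s\n' "$rpath" "$lpath"
)
```

If a stale socket file is left at the remote path, the forward fails to bind; `StreamLocalBindUnlink yes` in the remote `sshd_config` lets sshd replace it.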