@dinvlad
Created December 15, 2021 20:55

YubiKey GPG inside WSL2

  1. Install GPG4Win.

  2. Start up Kleopatra (the UI tool installed in step 1) and make sure your YubiKey is loaded there.

    • You can also start the GPG4Win agent at login by adding a shortcut with this Target to the Startup folder:
      "C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" /bye

      This only loads the agent at startup, so you won't be bothered by any UI or tray agent.

  3. Download wsl2-ssh-pageant into your Windows %userprofile%/.ssh directory (keeping the binary on the Windows filesystem is important for performance).

  4. Install socat and gpg inside WSL as you would in a "normal" distro, e.g.

    apt-get install -y gnupg2 gnupg-agent socat
    
  5. Create a ~/.bash_profile or ~/.zprofile (for ZSH) inside WSL:

    ### https://github.com/BlackReloaded/wsl2-ssh-pageant#bashzsh
    WIN_USER="<your_windows_username_here>"
    SSH_DIR="${HOME}/.ssh"
    mkdir -p "${SSH_DIR}"
    wsl2_ssh_pageant_bin="${SSH_DIR}/wsl2-ssh-pageant.exe"
    ln -sf "/mnt/c/Users/${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "${wsl2_ssh_pageant_bin}"
    
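    # Start a detached socat relay on sock_path that hands each connection to
    # wsl2-ssh-pageant.exe, unless a relay for that path is already running.
    listen_socket() {
      sock_path="$1" && shift
      fork_args="${sock_path},fork"
      # $* joins the remaining arguments into the single string socat's EXEC: takes
      exec_args="${wsl2_ssh_pageant_bin} $*"
    
      if ! ps x | grep -v grep | grep -q "${fork_args}"; then
        # Remove any stale socket file, otherwise UNIX-LISTEN cannot bind
        rm -f "${sock_path}"
        (setsid nohup socat "UNIX-LISTEN:${fork_args}" "EXEC:${exec_args}" &>/dev/null &)
      fi
    }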
    
    # SSH
    export SSH_AUTH_SOCK="${SSH_DIR}/agent.sock"
    listen_socket "${SSH_AUTH_SOCK}"
    
    # GPG
    # socat cannot create the socket if ~/.gnupg does not exist yet
    mkdir -p -m 700 "${HOME}/.gnupg"
    export GPG_AGENT_SOCK="${HOME}/.gnupg/S.gpg-agent"
    listen_socket "${GPG_AGENT_SOCK}" --gpg S.gpg-agent
    
    # GPG extra for agent forwarding to devcontainers in VS Code
    export GPG_AGENT_SOCK_EXTRA="${HOME}/.gnupg/S.gpg-agent.extra"
    listen_socket "${GPG_AGENT_SOCK_EXTRA}" --gpg S.gpg-agent.extra
    
    unset wsl2_ssh_pageant_bin
    ###
    

    You can also create this file on the C: drive and then symlink to it from your home directory, e.g.

    ln -s /mnt/c/WSL/scripts/.zprofile ~/.zprofile
    

    which enables sharing of the same file across multiple WSL distros.

  6. Log out and back in to WSL.

  7. Import your GPG key(s) inside WSL, just as you normally would. They're now ready to go!
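
To confirm the relays from step 5 after logging back in, here is a diagnostic added as an example; it is not part of the original gist. The function names and status words are hypothetical, and the socket paths default to the ones the profile exports.

```shell
# Added diagnostic (not from the gist). Function names and status words are
# hypothetical; the socket paths are the ones the profile in step 5 exports.

# Print one status word for a relay socket and return non-zero unless "ok":
#   ok | missing | open-dir | not-socket | no-listener
check_relay_socket() {
  sock_path="$1"
  sock_dir=$(dirname "${sock_path}")

  # Nothing at the path: socat never started, or it exited immediately
  # (its errors are hidden because the profile redirects them to /dev/null).
  [ -e "${sock_path}" ] || { echo missing; return 1; }

  # Any local user who can reach the socket can send requests to the agent
  # that fronts the YubiKey, so require an owner-only directory (drwx------).
  dir_mode=$(ls -ld "${sock_dir}" | cut -c5-10)
  [ "${dir_mode}" = "------" ] || { echo open-dir; return 2; }

  # A regular file here means something other than socat created the name.
  [ -S "${sock_path}" ] || { echo not-socket; return 3; }

  # A socket file can outlive its socat process; look for the same
  # "<path>,fork" argument that listen_socket searches for.
  if ! ps x | grep -v grep | grep -qF "${sock_path},fork"; then
    echo no-listener
    return 4
  fi
  echo ok
}

# Report on all three sockets; return 1 if any of them is not "ok".
check_all_relay_sockets() {
  rc=0
  for s in "${SSH_AUTH_SOCK:-${HOME}/.ssh/agent.sock}" \
           "${GPG_AGENT_SOCK:-${HOME}/.gnupg/S.gpg-agent}" \
           "${GPG_AGENT_SOCK_EXTRA:-${HOME}/.gnupg/S.gpg-agent.extra}"; do
    printf '%s: ' "${s}"
    check_relay_socket "${s}" || rc=1
  done
  return "${rc}"
}
```

Run `check_all_relay_sockets` in a fresh WSL login shell; an `open-dir` result is fixed with `chmod 700` on the directory that holds the socket.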

@tofupup

tofupup commented Jul 17, 2022

Thank you for this, I had things running in WSL2, but not devcontainers. Adding the extra socket fixed this, saved me a bunch of time.

@dingwen07

Just for anyone who wants to use GPG CLI in WSL2, you can use gpg.exe directly, if it is not in path then /mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe will work. Tested with Git, works perfectly.

@dinvlad
Author

dinvlad commented Jul 2, 2023

Good to know, thanks @dingwen07!

@MiguelMachado-dev

I could not make this work :(
