Last active Jun 21, 2022
use Apple Keychain to store GPG Passphrases

gpg-agent setup

Need to set up gpg-agent first; on OSX I use keychain (it also does ssh-agent).

$ brew info keychain
keychain: stable 2.8.5
User-friendly front-end to ssh-agent(1)
/usr/local/Cellar/keychain/2.8.5 (7 files, 108.5KB) *
  Built from source on 2018-10-23 at 14:44:08
==> Analytics
install: 267 (30 days), 841 (90 days), 3,910 (365 days)
install_on_request: 262 (30 days), 817 (90 days), 3,661 (365 days)
build_error: 0 (30 days)

gpg passphrase in keychain

brew install gpg gpg2 pinentry-mac
mkdir -m 0700 ~/.gnupg
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" | tee ~/.gnupg/gpg-agent.conf
pkill -TERM gpg-agent

Close and reopen shell.
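
A check for the result of the steps above, as an added example that is not part of the original gist: it verifies that the GnuPG home directory is private (mode 0700) and that gpg-agent.conf names exactly one executable pinentry-program. The function names and messages are hypothetical, and it assumes the config file is gpg-agent.conf inside the directory passed in.

```shell
# Added example: audit a GnuPG home directory after the setup steps above.
# mode_of and check_gnupg_home are hypothetical helpers, not part of GnuPG.
# Usage: check_gnupg_home "$HOME/.gnupg"

# Print the 10-character mode string (e.g. drwx------) for a path.
# ls -ld is used because stat's flags differ between macOS and Linux.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 when the directory is private and gpg-agent.conf names exactly
# one pinentry-program that is executable; otherwise print the reason.
check_gnupg_home() {
    dir=$1
    conf=$dir/gpg-agent.conf

    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }

    # The page creates ~/.gnupg with mode 0700; anything wider lets other
    # local users read key material or replace the agent configuration.
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "unsafe mode on $dir: $(mode_of "$dir")"; return 1; }

    [ -f "$conf" ] || { echo "missing $conf"; return 1; }

    # Group/other write on the config would let someone else swap the
    # pinentry binary that receives the passphrase.
    case $(mode_of "$conf") in
        ?????-??-?) ;;
        *) echo "gpg-agent.conf is group/other writable"; return 1 ;;
    esac

    # grep -c exits non-zero on zero matches, so keep the count and go on.
    count=$(grep -c '^[[:space:]]*pinentry-program[[:space:]]' "$conf" || true)
    [ "$count" -eq 1 ] ||
        { echo "expected 1 pinentry-program line, found $count"; return 1; }

    prog=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]*//p' "$conf")
    [ -x "$prog" ] || { echo "pinentry not executable: $prog"; return 1; }

    echo "ok: $prog"
}
```
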

test gpg passphrase stored in keychain

Assuming you've already created or imported a key, select an identity to test:

$ gpg --list-keys
pub   rsa4096 2019-06-18 [SC]
uid           [ultimate] Koshatul <>
sub   rsa4096 2019-06-18 [E]

Test (replace YOUR_IDENTITY with the identity of your certificate):

$ echo test | gpg -e -r YOUR_IDENTITY | gpg -d
gpg: encrypted with rsa4096 key, ID 3AF58C6962796950, created 2019-06-18
      "Koshatul <>"

koshatul commented Apr 12, 2022

I never changed that, but good find.


0x3333 commented Apr 12, 2022

Looks like using GPGTools Preference pane sets this entry.


estevaoam commented Apr 15, 2022

btw, if someone is looking for a simple installation alternative, gpgtools have a simple installer that bundles this nicely:
