gpgagent

gpg-agent is a background daemon that is part of the GNU Privacy Guard (GnuPG) suite. It manages private keys used by OpenPGP and S/MIME operations, and it caches passphrases and PINs to reduce interactive prompts. When a private key operation is required, gpg-agent coordinates with a pinentry program to securely obtain the passphrase and then passes the decrypted material to the requesting process.

The agent runs per user session and is typically started automatically by GnuPG or the user's login environment. It exposes a local communication channel that other GnuPG components use to request key operations. gpg-agent also offers an SSH agent compatibility interface, allowing OpenSSH clients to use keys stored in the GnuPG keyring for SSH authentication by setting the SSH_AUTH_SOCK variable.

Configuration is done through a gpg-agent.conf file. Common options control caching behavior, such as default-cache-ttl and max-cache-ttl, which determine how long cached passphrases remain valid. The enable-ssh-support option turns on the SSH agent compatibility feature. The agent can be managed with gpgconf or gpg-connect-agent, for example to reload configuration or to kill the agent when needed.

Security considerations include the trade-off between convenience and risk: caching passphrases improves usability but can expose private keys if the system is compromised. Cache lifetimes can be tuned, and caches can be cleared manually via gpg-connect-agent or by restarting the agent with system tools. gpg-agent is available on most platforms supported by GnuPG, including Linux, BSDs, and Windows (through the GnuPG suite).

See also: GnuPG, pinentry, gpg-connect-agent, gpgconf.
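
As an added example (not part of the original page or of GnuPG itself), the script below audits a gpg-agent.conf for the cache lifetime options discussed above and reports any that exceed limits you choose. The function names, the 600 s and 7200 s limits and the sample file are assumptions for illustration; the fallback values are the GnuPG defaults that apply when an option is not set.

```shell
#!/bin/sh
# Added example: audit gpg-agent.conf cache lifetimes against local limits.
# The limits and the sample file are assumptions, not GnuPG recommendations.

# opt_value FILE NAME DEFAULT: value of NAME in FILE (last occurrence is
# used, an assumption of this script), or DEFAULT when the option is absent.
opt_value() {
    awk -v name="$2" -v def="$3" '
        $1 == name { val = $2; seen = 1 }
        END { print (seen ? val : def) }' "$1"
}

# check_ttl FILE NAME DEFAULT LIMIT: print a finding if the TTL is malformed
# or longer than LIMIT seconds.
check_ttl() {
    ttl=$(opt_value "$1" "$2" "$3")
    case $ttl in
        ''|*[!0-9]*) echo "$2: value '$ttl' is not a number of seconds" ;;
        *) if [ "$ttl" -gt "$4" ]; then
               echo "$2: $ttl s exceeds limit of $4 s"
           fi ;;
    esac
    return 0
}

# audit_agent_conf FILE IDLE_LIMIT HARD_LIMIT: one finding per line.
audit_agent_conf() {
    # 600 and 7200 are the GnuPG defaults when the options are not set.
    check_ttl "$1" default-cache-ttl 600 "$2"
    check_ttl "$1" max-cache-ttl 7200 "$3"
    # The SSH cache has its own TTL options once enable-ssh-support is on.
    if [ "$(opt_value "$1" enable-ssh-support absent)" != absent ]; then
        check_ttl "$1" default-cache-ttl-ssh 1800 "$2"
        check_ttl "$1" max-cache-ttl-ssh 7200 "$3"
    fi
    return 0
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# cache for a working day
default-cache-ttl 28800
max-cache-ttl 86400
enable-ssh-support
EOF
audit_agent_conf "$sample" 600 7200
rm -f "$sample"
```

On the sample it reports three findings, including the unset default-cache-ttl-ssh, whose 1800 s default is above the chosen idle limit. After tightening values in the real file, `gpgconf --reload gpg-agent` makes the agent re-read its configuration.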