I'm trying to set up gpg-agent forwarding in order to use pass (https://www.passwordstore.org) via ssh.
gpg version 2.2.9 on both the local and remote hosts, installed following these instructions: https://gist.github.com/vt0r/a2f8c0bcb1400131ff51
Local gpg-agent.conf:

```
extra-socket /home/mickey/.gnupg/S.gpg-agent.remote
```

Local host:

```
echo RELOADAGENT | gpg-connect-agent
gpg --export -a mickey > mickey.gpg
echo "test" | gpg2 --encrypt -r mickey > out.gpg
scp *.gpg REMOTE_HOST:
ssh -R /run/user/1002/gnupg/S.gpg-agent:/home/mickey/.gnupg/S.gpg-agent.remote -o "StreamLocalBindUnlink=yes" REMOTE_HOST
```
Remote host:

```
gpg --import mickey.gpg
gpg --edit-key mickey
trust 5 quit
gpg --decrypt -v out.gpg
gpg: public key is FED6243A3325C554
gpg: connection to agent is in restricted mode
gpg: using subkey FED6243A3325C554 instead of primary key 9E2ED69A02554504
gpg: using subkey FED6243A3325C554 instead of primary key 9E2ED69A02554504
gpg: encrypted with 2048-bit RSA key, ID FED6243A3325C554, created 2018-07-23
      "mickey"
gpg: public key decryption failed: Inappropriate ioctl for device
gpg: decryption failed: No secret key
```
So agent socket forwarding is working; it seems there are some problems with the pinentry program. I could not find anything that worked for me on Google.
I tried adding `pinentry-program /usr/bin/pinentry-tty` to gpg-agent.conf and got a new error:

```
gpg: public key decryption failed: Invalid IPC response
gpg: decryption failed: No secret key
```
This happens when GPG is confused about where to read input from. Simply configuring it to look for input from the tty (the terminal connected to standard input) fixes it:

```
export GPG_TTY=$(tty)
```
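As an added example that is not part of the question or the answer above, the script below wraps the whole forward into a few shell functions: the local gpg-agent.conf lines, the `ssh -R` forward spec, a check that GPG_TTY really names a terminal, and the ssh wrapper itself. It assumes the values from the question (local GNUPGHOME /home/mickey/.gnupg, remote uid 1002, pinentry-tty at /usr/bin/pinentry-tty); the function names are mine. Two points the question's setup does not show: the passphrase prompt is served by the local agent (that is where the keys and the agent process live), so the local agent has to be told which tty pinentry-tty may use, and the socket forwarded is the restricted extra-socket, never the main S.gpg-agent socket, because the remote host can use the keys for the life of the session and the restricted socket at least stops it from exporting them.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for running pass on a
# remote host over a forwarded, restricted gpg-agent socket.
# Assumed values: local GNUPGHOME /home/mickey/.gnupg, remote uid 1002,
# pinentry-tty at /usr/bin/pinentry-tty. Adjust for your hosts.

# gpg-agent.conf lines for the LOCAL agent: a second, restricted socket that
# is the one to forward (the remote side can use keys but not export them),
# and a tty pinentry so prompts work in an ssh session without a display.
local_agent_conf() {
  gnupghome=$1
  printf 'extra-socket %s/S.gpg-agent.remote\n' "$gnupghome"
  printf 'pinentry-program /usr/bin/pinentry-tty\n'
}

# The ssh -R argument: remote socket path first, then the local socket.
# GnuPG >= 2.1.13 looks for the agent under /run/user/<uid>/gnupg when that
# directory exists; confirm on the remote with: gpgconf --list-dirs agent-socket
forward_spec() {
  remote_uid=$1
  local_socket=$2
  printf '%s\n' "/run/user/${remote_uid}/gnupg/S.gpg-agent:${local_socket}"
}

# True when GPG_TTY names a terminal device. The classic failure is
# `export GPG_TTY=$(tty)` evaluated in a non-interactive shell, which sets it
# to the literal string "not a tty"; pinentry-tty then fails with
# "Inappropriate ioctl for device".
gpg_tty_ok() {
  [ -n "${GPG_TTY-}" ] && [ -c "$GPG_TTY" ]
}

# Open the session. The remote sshd_config needs:
#   StreamLocalBindUnlink yes
# (the socket file is created by the remote sshd, so the client-side -o
# option cannot unlink it), and the remote user's own gpg-agent must not be
# holding that socket (run `gpgconf --kill gpg-agent` there first).
pass_over_ssh() {
  host=$1
  remote_uid=$2
  GPG_TTY=$(tty); export GPG_TTY
  gpg_tty_ok || { echo "no usable tty for pinentry-tty (GPG_TTY=$GPG_TTY)" >&2; return 1; }
  # The passphrase prompt is served by the LOCAL agent: hand it this tty.
  gpg-connect-agent updatestartuptty /bye >/dev/null || return 1
  spec=$(forward_spec "$remote_uid" "${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.remote")
  ssh -R "$spec" "$host"
}
```

Source the file and run `pass_over_ssh REMOTE_HOST 1002` from an interactive local shell; on the remote, export GPG_TTY as the answer says and run `pass show ...`. The prompt for the passphrase appears on the local terminal, not the remote one, and the remote host can decrypt with the key only while the session is open.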