Skip to content

Instantly share code, notes, and snippets.

@anton-rudeshko

anton-rudeshko/gpg-on-removable.md

Last active February 26, 2025 04:40
Show Gist options
  • Save anton-rudeshko/75e8d32a9a9eff57b3c7dfa046121bf2 to your computer and use it in GitHub Desktop.
Save anton-rudeshko/75e8d32a9a9eff57b3c7dfa046121bf2 to your computer and use it in GitHub Desktop.
Download ZIP
GPG on the flash drive (Windows FAT 32)
Raw
gpg-on-removable.md

GPG on removable media

$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/user/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Basically the problem boils down to the error which occurs on file systems that can't handle sockets (like Windows FAT32 default for flash drives):

gpg: can't connect to the agent: IPC connect call failed

Assuming that removable drive mounted at /Volumes/ENCFLASH and there is a folder gnupg that resembles default .gnupg directory structure.

Go to the directory with private keys (cd /Volumes/ENCFLASH/gnupg) on the mounted drive and replace all potential socket files (S.dirmngr, S.gpg-agent.ssh, S.gpg-agent.extra, S.gpg-agent.browser, S.gpg-agent) with plain text files with config to redirect socket to the default location:

%Assuan%
socket=${HOME}/.gnupg/S.dirmngr

Here is a script to do it:

echo '%Assuan%\nsocket=${HOME}/.gnupg/S.dirmngr' > S.dirmngr
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.ssh' > S.gpg-agent.ssh
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.extra' > S.gpg-agent.extra
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.browser' > S.gpg-agent.browser
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent' > S.gpg-agent

— via ArchWiki.

Restart gpg-agent while on removable:

$ killall gpg-agent
# `gpg` v2 will automatically start `gpg-agent`
$ gpg --list-secret-keys --homedir "$(pwd)"
gpg: WARNING: unsafe permissions on homedir '/Volumes/ENCFLASH/gnupg'
gpg: DBG: locking for '/Volumes/ENCFLASH/gnupg/gnupg_spawn_agent_sentinel.lock' done via O_EXCL
/Volumes/ENCFLASH/gnupg/pubring.gpg
-------------------------------------------

You now should be able to see (sec instead of sec#) and use private keys stored on removable drive.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment