GPG signing with full gpg-agent support in WSL2: the easy way

gpg_wsl2.md

Problem statement

Signing with GPG in Windows System for Linux (WSL2) does not work smoothly out of the box. Notably, when using a TTY-based pinentry, signing in Visual Studio Code does not work at all.

Solution

1. Install Gpg4Win: winget install -e GnuPG.Gpg4win or download and install manually
2. Start Kleopatra and generate or import keys
3. Insert links to gpg.exe inside of WSL:

   sudo ln -s /mnt/c/Program\ Files\ \(x86\)/GnuPG/bin/gpg.exe /usr/local/bin/gpg
   sudo ln -s gpg /usr/local/bin/gpg2
   

4. That's it! Git and other GPG commands will now use the GPG installed in Windows, which has access to the GPG agent from Gpg4Win, and uses its graphical pinentry for passphrases.

Troubleshooting

This gpg should take precedence over any gpg installed on the system. Verify this with command -v gpg. If this is not /usr/local/bin/gpg, check $PATH for the order of precedence on your system, and create the link in a directory that precedes (is left of) /usr/bin or wherever the package manager installed GPG.

See also

• wsl2-gpg-agent
• SSH access to 1Password

The second ln command relies on the current working directory being /usr/local/bin/gpg. it should probably be:
sudo ln -s /usr/local/bin/gpg /usr/local/bin/gpg2

No, the symlink it creates points at gpg which is evaluated relative to the location of the symlink. This is essentially creating an alias gpg2 to the same program. I don't remember why I did that.

This GitHub Doc might explain why you created the link to gpg2.