gpg-connect-agent - Communicate with a running agent
gpg-connect-agent [options][commands]
The gpg-connect-agent is a utility to communicate with a running
gpg-agent. It is useful to check out the commands gpg-agent
provides using the Assuan interface. It might also be useful for scripting
simple applications. Input is expected at stdin and output gets printed to
stdout.
It is very similar to running gpg-agent in server mode; but
here we connect to a running instance.
The following options may be used:
- --dirmngr
- Connect to a running directory manager (keyserver client) instead of to
the gpg-agent. If a dirmngr is not running, start it.
- --keyboxd
- Connect to a running keybox daemon instead of to the gpg-agent. If a
keyboxd is not running, start it.
- -S
- --raw-socket name
- Connect to socket name assuming this is an Assuan style server. Do
not run any special initializations or environment checks. This may be
used to directly connect to any Assuan style socket server.
- -E
- --exec
- Take the rest of the command line as a program and it's arguments and
execute it as an Assuan server. Here is how you would run
gpgsm:
gpg-connect-agent --exec gpgsm --server
Note that you may not use options on the command line in this case.
- -v
- --verbose
- Output additional information while running.
- -q
- --quiet
- Try to be as quiet as possible.
- --homedir dir
- Set the name of the home directory to dir. If this option is not
used, the home directory defaults to ‘~/.gnupg’. It
is only recognized when given on the command line. It also overrides any
home directory stated through the environment variable
‘GNUPGHOME’ or (on Windows systems) by means of the
Registry entry HKCU\Software\GNU\GnuPG:HomeDir.
On Windows systems it is possible to install GnuPG as a
portable application. In this case only this command line option is
considered, all other ways to set a home directory are ignored.
To install GnuPG as a portable application under Windows,
create an empty file named ‘gpgconf.ctl’ in the
same directory as the tool ‘gpgconf.exe’. The root
of the installation is then that directory; or, if
‘gpgconf.exe’ has been installed directly below a
directory named ‘bin’, its parent directory. You
also need to make sure that the following directories exist and are
writable: ‘ROOT/home’ for the GnuPG home and
‘ROOT/var/cache/gnupg’ for internal cache
files.
- --chuid uid
- Change the current user to uid which may either be a number or a
name. This can be used from the root account to run gpg-connect-agent for
another user. If uid is not the current UID a standard PATH is set
and the envvar GNUPGHOME is unset. To override the latter the option
--homedir can be used. This option has only an effect when used on
the command line. This option has currently no effect at all on Windows.
- --no-ext-connect
- When using -S or --exec, gpg-connect-agent connects
to the Assuan server in extended mode to allow descriptor passing. This
option makes it use the old mode.
- --no-autostart
- Do not start the gpg-agent or the dirmngr if it has not yet been started.
- --no-history
- In interactive mode the command line history is usually saved and restored
to and from a file below the GnuPG home directory. This option inhibits
the use of that file.
- --agent-program file
- Specify the agent program to be started if none is running. The default
value is determined by running gpgconf with the option
--list-dirs. Note that the pipe symbol (|) is used for a
regression test suite hack and may thus not be used in the file name.
- --dirmngr-program file
- Specify the directory manager (keyserver client) program to be started if
none is running. This has only an effect if used together with the option
--dirmngr.
- --keyboxd-program file
- Specify the keybox daemon program to be started if none is running. This
has only an effect if used together with the option --keyboxd.
- -r file
- --run file
- Run the commands from file at startup and then continue with the
regular input method. Note, that commands given on the command line are
executed after this file.
- -s
- --subst
- Run the command /subst at startup.
- --hex
- Print data lines in a hex format and the ASCII representation of
non-control characters.
- --decode
- Decode data lines. That is to remove percent escapes but make sure that a
new line always starts with a D and a space.
While reading Assuan commands, gpg-agent also allows a few special commands to
control its operation. These control commands all start with a slash
(/).
- /echo args
- Just print args.
- /let name value
- Set the variable name to value. Variables are only
substituted on the input if the /subst has been used. Variables are
referenced by prefixing the name with a dollar sign and optionally include
the name in curly braces. The rules for a valid name are identically to
those of the standard bourne shell. This is not yet enforced but may be in
the future. When used with curly braces no leading or trailing white space
is allowed.
If a variable is not found, it is searched in the environment
and if found copied to the table of variables.
Variable functions are available: The name of the function
must be followed by at least one space and the at least one argument.
The following functions are available:
- get
- Return a value described by the argument. Available arguments are:
- cwd
- The current working directory.
- homedir
- The gnupg homedir.
- sysconfdir
- GnuPG's system configuration directory.
- bindir
- GnuPG's binary directory.
- libdir
- GnuPG's library directory.
- libexecdir
- GnuPG's library directory for executable files.
- datadir
- GnuPG's data directory.
- serverpid
- The PID of the current server. Command /serverpid must have been
given to return a useful value.
- unescape args
- Remove C-style escapes from args. Note that \0 and
\x00 terminate the returned string implicitly. The string to be
converted are the entire arguments right behind the delimiting space of
the function name.
- unpercent args
- unpercent+ args
- Remove percent style escaping from args. Note that %00
terminates the string implicitly. The string to be converted are the
entire arguments right behind the delimiting space of the function name.
unpercent+ also maps plus signs to a spaces.
- percent args
- percent+ args
- Escape the args using percent style escaping. Tabs, formfeeds,
linefeeds, carriage returns and colons are escaped. percent+ also
maps spaces to plus signs.
- errcode arg
- errsource arg
- errstring arg
- Assume arg is an integer and evaluate it using strtol.
Return the gpg-error error code, error source or a formatted string with
the error code and error source.
- +
- -
- *
- /
- %
- Evaluate all arguments as long integers using strtol and apply this
operator. A division by zero yields an empty string.
- !
- |
- &
- Evaluate all arguments as long integers using strtol and apply the
logical operators NOT, OR or AND. The NOT operator works on the last
argument only.
- /definq name var
- Use content of the variable var for inquiries with name.
name may be an asterisk (*) to match any inquiry.
- /definqfile name file
- Use content of file for inquiries with name. name may
be an asterisk (*) to match any inquiry.
- /definqprog name prog
- Run prog for inquiries matching name and pass the entire
line to it as command line arguments.
- /datafile name
- Write all data lines from the server to the file name. The file is
opened for writing and created if it does not exists. An existing file is
first truncated to 0. The data written to the file fully decoded. Using a
single dash for name writes to stdout. The file is kept open until
a new file is set using this command or this command is used without an
argument.
- /showdef
- Print all definitions
- /cleardef
- Delete all definitions
- /sendfd file mode
- Open file in mode (which needs to be a valid fopen
mode string) and send the file descriptor to the server. This is usually
followed by a command like INPUT FD to set the input source for
other commands.
- /recvfd
- Not yet implemented.
- /open var file [mode]
- Open file and assign the file descriptor to var. Warning:
This command is experimental and might change in future versions.
- /close fd
- Close the file descriptor fd. Warning: This command is experimental
and might change in future versions.
- /showopen
- Show a list of open files.
- /serverpid
- Send the Assuan command GETINFO pid to the server and store the
returned PID for internal purposes.
- /sleep
- Sleep for a second.
- /hex
- /nohex
- Same as the command line option --hex.
- /decode
- /nodecode
- Same as the command line option --decode.
- /subst
- /nosubst
- Enable and disable variable substitution. It defaults to disabled unless
the command line option --subst has been used. If /subst as been
enabled once, leading whitespace is removed from input lines which makes
scripts easier to read.
- /while condition
- /end
- These commands provide a way for executing loops. All lines between the
while and the corresponding end are executed as long as the
evaluation of condition yields a non-zero value or is the string
true or yes. The evaluation is done by passing
condition to the strtol function. Example:
/subst
/let i 3
/while $i
/echo loop counter is $i
/let i ${- $i 1}
/end
- /if condition
- /end
- These commands provide a way for conditional execution. All lines between
the if and the corresponding end are executed only if the
evaluation of condition yields a non-zero value or is the string
true or yes. The evaluation is done by passing
condition to the strtol function.
- /run file
- Run commands from file.
- /history --clear
- Clear the command history.
- /bye
- Terminate the connection and the program.
- /help
- Print a list of available control commands.
gpg-agent(1), scdaemon(1)
The full documentation for this tool is maintained as a Texinfo
manual. If GnuPG and the info program are properly installed at your site,
the command
should give you access to the complete manual including a menu
structure and an index.