Howto: Insta-signing

Sometimes it's nice to be able to sign a document in less than one second. This can be very difficult if, like me, you have a long passphrase. For example, you may wish to sign a document that contains a current timestamp, so that the signature's own timestamp matches it to the nearest second. This is possible with the GnuPG Agent, and this howto will take you through the process step by step.

  1. If you've never used gpg-agent before, set it up.

    This requires a pinentry program. By default, Debian attempts to install pinentry-gtk2, which is graphical and thus has lots of gtk dependencies. If you wish to use a lighter version that is command-line only, use pinentry-curses. If pinentry-curses is already installed, or is to be installed at the same time, it will satisfy gpg-agent's dependency for a pinentry program.

    $ sudo apt-get install pinentry-curses gnupg-agent
    

    Create the config file for gpg-agent.

    $ cat - <<EOF > ~/.gnupg/gpg-agent.conf
    pinentry-program /usr/bin/pinentry-curses
    no-grab
    default-cache-ttl 1800
    EOF
    
  2. Set environment variables and start the agent, if you don't already have it running.

    $ export GPG_TTY=`tty`
    $ eval `gpg-agent --daemon --sh`
    
  3. Initialize the agent.

    Start signing a throwaway message through the agent. Enter your passphrase when asked and press Enter (or OK), then type Ctrl-C as soon as the passphrase is accepted. This cancels the signature, but by then the agent has captured the passphrase. It will be remembered for five minutes. Here KEYID is anything that uniquely identifies your key within GnuPG:

    $ gpg --use-agent -u KEYID --clearsign
    
  4. Now sign your document.

    As before, KEYID uniquely identifies your key within GnuPG.

    Use this form to prepend a date string to your document:

    $ rm -f output.asc; (date -u +"Whatever Date String: %Y%m%d%H%M%SZ"; cat document.txt) | gpg --use-agent -u KEYID --clearsign -o output.asc
    

    Or, you can use this form to replace a special date string within your document.

    $ rm -f output.asc; sed -e "s/DATESTR/`date -u +"%Y%m%d%H%M%SZ"`/" document.txt | gpg --use-agent -u KEYID --clearsign -o output.asc
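
To confirm that the result really has matching timestamps, compare the date string in the signed text with the signature creation time that gpg reports on its status channel. This script is an added example, not part of the original howto; the function names and sample data are made up for illustration, and it assumes GNU date and a date string in the `%Y%m%d%H%M%SZ` format used above.

```shell
#!/bin/sh
# Added example (not from the howto). Checks that the date string inside a
# clearsigned document equals the signature creation time reported by gpg.
# Real use, with output.asc produced as in step 4:
#   status=$(gpg --status-fd 1 --verify output.asc 2>/dev/null)
#   text=$(gpg --decrypt output.asc 2>/dev/null)   # signed text only
#   timestamps_match "$status" "$text" && echo "timestamp matches signature"

# Read gpg status lines on stdin; print the signature creation time in the
# howto's %Y%m%d%H%M%SZ format. Fails if no VALIDSIG line is present.
sig_time_from_status() {
    epoch=$(awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $5; exit }')
    case $epoch in
        ''|*[!0-9]*) return 1 ;;   # missing, or not epoch seconds
    esac
    date -u -d "@$epoch" +"%Y%m%d%H%M%SZ"   # GNU date syntax, as on Debian
}

# Read the verified text on stdin; print the first embedded date string.
doc_time_from_text() {
    grep -oE '[0-9]{14}Z' | head -n 1
}

# timestamps_match STATUS TEXT
# Returns 0 on an exact match, 1 on mismatch, 2 if there is no valid
# signature, 3 if the text carries no date string.
timestamps_match() {
    sig=$(printf '%s\n' "$1" | sig_time_from_status) || return 2
    doc=$(printf '%s\n' "$2" | doc_time_from_text)
    [ -n "$doc" ] || return 3
    [ "$sig" = "$doc" ]
}

# Constructed sample data: made-up fingerprint and user, epoch 1234567890.
SAMPLE_STATUS='[GNUPG:] GOODSIG 89ABCDEF01234567 Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2009-02-13 1234567890 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_TEXT='Whatever Date String: 20090213233130Z
Body of the signed document.'

if timestamps_match "$SAMPLE_STATUS" "$SAMPLE_TEXT"; then
    echo "sample: embedded timestamp equals signature time"
fi
```

Take the date string from the text gpg outputs after verification rather than from the raw .asc file, since only the text inside the signed block is covered by the signature.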
    
