Implement GPG Agent

Allow using the desktop client as a GPG agent.

This would be useful for anyone regularly using a PGP key to sign commits, files, or send encrypted messages, as it removes the need to manually open your vault to search for its password and enter it in the default password entry box, similarly to the newly-added SSH agent (which has been very useful!).

1 Like

Is there a reason you would prefer GPG over using the SSH-agent to sign files and git commits? (Generally, PGP/GPG have fundamental design issues [1] and it would really be preferable to just migrate to using SSH for signing).

2 Likes

I was not aware of these shortcomings, and it seems all relevant software I use also supports SSH-signed commits, meaning I will switch to doing so in the future.

1 Like

For signing, yes, but there’s also encryption for emails etc. I don’t know the technical details, but instead of a GPG agent, would it be easier to extend Bitwarden so it could act as a pinentry dialog?

https://www.gnupg.org/related_software/pinentry/index.html

SSH doesn’t exactly replace the need for GPG.
GPG can be used to encrypt communication or files, encrypt/sign emails.

You can check out the equivalent 1Password forum, where users have mentioned reasonable suggestions.

> Is there a reason you would prefer GPG over using the SSH-agent to sign files and git commits?

As one user mentioned there, we prefer it over SSH keys for commit signing because it provides key servers for verification and thus a web of trust (an SSH commit signature by itself means nothing if I don’t know the key).
I use GPG to sign apps; most macOS apps use Sparkle to provide a quick and secure way to update their apps, which requires a GPG key to sign the app before distribution.

1 Like