Some changes in the GnuPG configuration demand a gpg-agent restart / reboot (according to the doc), but... How can I do that? I tried `gpg-agent restart` and `service gpg-agent restart`, but did not succeed.
8 Answers
With current GPG (2.1+), to stop gpg-agent you can use gpgconf --kill, like this:
```
gpgconf --kill gpg-agent
```
You shouldn’t need to manually restart it. GPG will restart it when it’s needed.
This information can be found in the gpg-agent online manual and `man gpg-agent`.
- There are cases where you want to start the agent manually, e.g. when you use it with ssh support enabled. The agent will NOT automatically start when you attempt an ssh login. – hasufell Dec 17 '17 at 22:36
- If you ever delete the `~/.gnupg` directory, you will need to restart the gpg agent manually. – Christopher Martin Feb 24 '18 at 21:16
- You need to start gpg-agent manually if you want to use custom configuration that is not on the default path. – MaXi32 Aug 21 '20 at 21:18
- Following "GPG will restart it when it’s needed": For me it was sufficient to run `gpg -K` (which just reads and prints the secret keys) to trigger the restart of the gpg-agent. – xystum Sep 09 '20 at 10:01
- Late to the party but I often restart when I encrypt a file with symmetric encryption, because it uncaches the passphrase and allows me to test-decrypt the file specifying the passphrase. Last I want is to find some time ago that the passphrase is wrong and that I `shred -u`'d the original file – mrbolichi Aug 27 '22 at 15:54
- gpgconf: invalid option "--kill" – Lalle May 16 '23 at 09:27
My preferred way is with `gpg-connect-agent reloadagent /bye`.
See `gpg-connect-agent help /bye` for a complete list of commands.
On modern systemd-based Linux distros the gpg-agent is controlled by the userspace systemd.
You can check/start/stop it with the following commands (without sudo):
```
systemctl --user status gpg-agent
systemctl --user stop gpg-agent
systemctl --user start gpg-agent
```
gpg-agent is not a system-wide service but started once per user (thus, it is not managed by `service`). It is sometimes invoked by the user's dotfiles or, at least in Debian and derivatives, when X11 is started (and gpg-agent is installed) via `/etc/X11/Xsession.d/90gpg-agent` (to make sure a common gpg-agent is used by all GnuPG calls, no matter whether from a terminal or GUI applications); it is also started automatically by GnuPG when required. From `man gpg-agent`:
> The agent is automatically started on demand by gpg, gpgsm, gpgconf, or gpg-connect-agent. Thus there is no reason to start it manually. In case you want to use the included Secure Shell Agent you may start the agent using:
>
> `gpg-connect-agent /bye`

Usually, a simple `killall gpg-agent` (from a non-root shell) should be fine for terminating gpg-agent. You'll likely observe a slight delay when using GnuPG the next time, as gpg-agent is started again.
- This changes in GPG 2.1.x and the process is handled through dirmngr. The commands to run then are `dirmngr --shutdown` followed by `dirmngr --daemon` and sometimes additional options (I also include a specific GPG homedir and the `--use-tor` flag). – Ben May 22 '16 at 04:45
In my experience there are some scenarios where gpg will fail to start a fresh gpg agent (importing a new key?).
Kill the old agent as so:
```
GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}" gpgconf --kill gpg-agent
```
and then start the new one:
```
gpg-agent --homedir "${GNUPGHOME:-$HOME/.gnupg}" --daemon
```
Setting the `--homedir` explicitly when starting assures your `ps` listing is clear when you have more than one homedir; and it's analogous to what gpg does when it starts it.
Setting the `GNUPGHOME` when stopping is not necessary, but it might make you or the code reviewer more comfortable.
In my case `--kill` was an invalid argument for `gpgconf`. This worked:
```
killall gpg-agent || true
gpg-agent --daemon --use-standard-socket
```
None of the solutions worked for me. So I just deleted the /home/my_user/.gnupg directory. Then ran my bash_script.sh (that contains the gpg decrypt command) which automatically re-created the /home/my_user/.gnupg directory and created secring.gpg and pubring.gpg within that directory.
Now, I just needed to import my keys like -
```
# importing public key
gpg --import my_public_key.pub
# importing private key
gpg --allow-secret-key-import --import my_private_key.private
```
Finally, I reran my bash_script.sh which showed me a GUI that prompted me for the passphrase to use my keys for file decryption.
I face this problem too often and just restarting the agent works every time. For Windows:
```
gpg-connect-agent reloadagent /bye
```
For Linux:
```
systemctl --user reload gpg-agent
```
Good luck!
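The answers above disagree on the stop command because `gpgconf --kill` is not accepted by every installation. The following is an added example, not code from any poster: it picks the stop command from the reported GnuPG version, using the 2.1 cutoff stated in the first answer, and then starts a fresh agent with the command quoted from the manual. The function names and the `--restart` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not code from any answer on this page.
# parse_gpg_version, agent_stop_cmd and restart_agent are hypothetical names.

# Read `gpg --version` output on stdin and print the version number,
# e.g. "gpg (GnuPG) 2.2.27" -> "2.2.27".
parse_gpg_version() {
    awk 'NR == 1 { print $NF }'
}

# Print the command that stops gpg-agent for GnuPG version $1.
# Assumption taken from the first answer: `gpgconf --kill` exists in 2.1+.
# Older versions fall back to `killall gpg-agent`, as in the other answers.
# Returns 2 if the version string cannot be parsed.
agent_stop_cmd() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case $major$minor in
        *[!0-9]*) return 2 ;;
    esac
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }; then
        echo "gpgconf --kill gpg-agent"
    else
        echo "killall gpg-agent"
    fi
}

# Stop the running agent (dropping cached passphrases), then start a new one.
# GNUPGHOME, if set, is inherited by both commands.
restart_agent() {
    version=$(gpg --version | parse_gpg_version) || return 1
    stop=$(agent_stop_cmd "$version") || return 1
    $stop || true            # no agent running is not an error
    gpg-connect-agent /bye   # start command quoted from man gpg-agent
}

# Only act when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--restart" ]; then
    restart_agent
fi
```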