wsl-gap

wsl-gap is a gpg-agent proxy that relays traffic between its own stdin/stdout and the gpg-agent running on Windows.
Together with socat in WSL it forwards a Unix socket in WSL to the Windows gpg-agent, so the agent's keys can be used from WSL. This makes it possible to use keys held on a hardware token, such as a YubiKey or a smartcard, that is not directly accessible inside WSL. Only the agent protocol crosses the boundary; the private keys themselves never leave the Windows gpg-agent (or the token behind it).

wsl-gap can be used for both gpg and ssh and works in both WSL1 and WSL2.

Connection Diagram (image)

Releases can be verified using:

minisign -Vm wsl-gap.exe -P RWQnxc7i4M9iJ5oE7m4ry4dchugn3fgsHHdbUHcJOMvf/KSO+t7fxQ/v

Usage

$ wsl-gap.exe -h
wsl-gap 1.0.0

USAGE:
    wsl-gap.exe [FLAGS] [socket-path]

FLAGS:
    -d, --debug      Activate debug logging to file in the same directory as the exe
        --gpg        Run as gpg-agent proxy
    -h, --help       Prints help information
        --ssh        Run as ssh-pageant proxy
        --version    Show version information

ARGS:
    <socket-path>    Path to a socket on the Windows side if not using the default

  • The gpg-agent is started if it is not already running.
  • The GNUPGHOME environment variable (if set), or otherwise AppData\Roaming\gnupg, is used as the location of the S.gpg-agent socket on the Windows side.
  • The GPG and/or SSH sockets on the WSL side are created in /tmp.
    • gpg v2.1+ expects the S.gpg-agent socket to be located in GNUPGHOME, so it must be redirected there by creating the file $GNUPGHOME/S.gpg-agent with the following content:
      %Assuan%
      socket=/tmp/S.gpg-agent


Requirements

  • GnuPG installed and working in Windows, with the path to gnupg\bin added to the Windows Path environment variable.
  • socat installed in WSL.
  • wsl-gap.exe accessible and executable from WSL.

SSH

To set up ssh only, export SSH_AUTH_SOCK and use socat to relay between that socket and wsl-gap.exe started with the --ssh argument.

export SSH_AUTH_SOCK=/tmp/S.gpg-agent.ssh

# Start the relay only if the socket is not already there. A listening
# socket is not a regular file, so test with -S rather than -f.
if [ ! -S "$SSH_AUTH_SOCK" ]; then
    (setsid socat "UNIX-LISTEN:$SSH_AUTH_SOCK,fork" EXEC:"/absolute/path/to/wsl-gap.exe --ssh" &) >/dev/null 2>&1
fi

GnuPG

To use it for gpg, configure gpg on the WSL side, create the S.gpg-agent redirect file that points at the relayed socket, and use socat to relay between that socket and wsl-gap.exe started with the --gpg argument.
Then import the public keys on the WSL side and it should work.
Note! The GNUPGHOME directory on the WSL side must not be the same directory as on the Windows side: the S.gpg-agent redirect file written below would otherwise replace the S.gpg-agent socket file that the Windows gpg-agent uses. Using the default home directory (/home/user) in WSL is a safe way to avoid this.

export GNUPGHOME="$HOME/.gnupg"   # the default, e.g. /home/user/.gnupg
GPG_AGENT_SOCK=/tmp/S.gpg-agent

# Create the S.gpg-agent redirect file if it doesn't exist.
if [ ! -f "$GNUPGHOME/S.gpg-agent" ]; then
    printf '%%Assuan%%\nsocket=%s\n' "$GPG_AGENT_SOCK" > "$GNUPGHOME/S.gpg-agent"
fi

# Start the relay only if the socket is not already there (-S, not -f:
# a listening Unix socket is not a regular file).
if [ ! -S "$GPG_AGENT_SOCK" ]; then
    (setsid socat "UNIX-LISTEN:$GPG_AGENT_SOCK,fork" EXEC:"/absolute/path/to/wsl-gap.exe --gpg" &) >/dev/null 2>&1
fi

Example

See the script wsl-gap.sh for an example of how to set this up. The script can be sourced from your .bashrc and sets up both gpg and ssh.
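The SSH and GnuPG steps above combined into one idempotent script, as an added example; it is not the project's wsl-gap.sh. It assumes wsl-gap.exe is reachable at the path in WSL_GAP_EXE (a placeholder, not a path from the project) and that socat, ssh-add and gpg are installed in WSL. It writes the redirect file with owner-only permissions, refuses to overwrite a live S.gpg-agent socket (the symptom of a GNUPGHOME shared with Windows), starts each relay only when its socket is not already present, and checks the result end to end.

```bash
#!/usr/bin/env bash
# Added example, not the project's own wsl-gap.sh: idempotent setup of both the
# ssh and gpg relays, meant to be sourced from ~/.bashrc.
# Assumptions (not from the project page): WSL_GAP_EXE is where wsl-gap.exe
# lives; socat, ssh-add and gpg are installed in WSL.

WSL_GAP_EXE="${WSL_GAP_EXE:-/mnt/c/tools/wsl-gap.exe}"   # assumed path
GPG_AGENT_SOCK="/tmp/S.gpg-agent"
SSH_AGENT_SOCK="/tmp/S.gpg-agent.ssh"

# The two lines gpg >= 2.1 expects in a socket redirect file.
assuan_redirect() {
    printf '%%Assuan%%\nsocket=%s\n' "$1"
}

# A relay is up when its path is a Unix socket. `test -f` is the wrong check:
# it is true only for regular files, so it never sees an existing socket.
relay_up() {
    [ -S "$1" ]
}

# Write $1 (the S.gpg-agent redirect) pointing at socket $2, creating the
# directory owner-only. Refuses to touch a real socket, which is what the file
# would be if GNUPGHOME were (wrongly) the same directory as on Windows.
install_redirect() {
    local file="$1" sock="$2" dir
    dir="$(dirname "$file")"
    if [ -S "$file" ]; then
        echo "wsl-gap: $file is a live socket; GNUPGHOME must not be the Windows one" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ ! -f "$file" ] || [ "$(cat "$file")" != "$(assuan_redirect "$sock")" ]; then
        assuan_redirect "$sock" > "$file" && chmod 600 "$file" || return 1
    fi
}

# Start one socat relay (mode is --ssh or --gpg) unless it is already listening.
# umask 077 keeps the /tmp socket owner-only; otherwise every local user could
# sign and authenticate with your hardware key through it.
start_relay() {
    local sock="$1" mode="$2"
    relay_up "$sock" && return 0
    [ -e "$sock" ] && rm -f "$sock"        # stale regular file left behind
    (umask 077; setsid socat "UNIX-LISTEN:$sock,fork" \
        EXEC:"$WSL_GAP_EXE $mode" >/dev/null 2>&1 &)
}

# End-to-end check: both commands reach the Windows agent through the relays.
verify_relays() {
    SSH_AUTH_SOCK="$SSH_AGENT_SOCK" ssh-add -l >/dev/null 2>&1 \
        || { echo "wsl-gap: ssh relay not answering" >&2; return 1; }
    gpg --card-status >/dev/null 2>&1 \
        || { echo "wsl-gap: gpg --card-status failed; check the gpg relay and that Windows gpg sees the card" >&2; return 1; }
}

setup_wsl_gap() {
    export GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"
    export SSH_AUTH_SOCK="$SSH_AGENT_SOCK"
    install_redirect "$GNUPGHOME/S.gpg-agent" "$GPG_AGENT_SOCK" || return 1
    start_relay "$SSH_AGENT_SOCK" --ssh
    start_relay "$GPG_AGENT_SOCK" --gpg
}

# Only act when the Windows binary is reachable, so sourcing this file on a
# machine without wsl-gap.exe does nothing.
if [ -x "$WSL_GAP_EXE" ]; then
    setup_wsl_gap && verify_relays
fi
```

The `-S` check only tells you a socket path exists, not that a socat is still behind it; if a previous relay died, `ssh-add -l` reports an agent connection error and the stale path has to be removed by hand before re-sourcing. Anything that can connect to the /tmp sockets can use the token's keys for as long as the card is unlocked, which is why the sockets are created under umask 077.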

Credits

https://github.com/benpye/wsl-ssh-pageant and https://github.com/BlackReloaded/wsl2-ssh-pageant for inspiration.
https://github.com/Yasushi/putty/ for showing how to communicate with Pageant.

wsl-gap's Issues

gpg: selecting card failed: No such device

Hi,

Thank you so much for this package, super simple to set up with the provided wsl-gap.sh bootstrap script!

I've got the ssh-add -l working, it successfully lists my authentication key from my YubiKey. However, the gpg --card-status displays -

[screenshot of the gpg --card-status output]

wsl-gap.exe.log

01:59:24 [ INFO] data_dir() -> "C:\\Users\\jonathan\\AppData\\Roaming"
01:59:24 [ INFO] find gpg-agent
01:59:24 [ INFO] start ssh-proxy
01:59:24 [ INFO] request read from stdin, length: 5
01:59:24 [ INFO] request: [0, 0, 0, 1, 11]
01:59:24 [ INFO] agent_query
01:59:24 [ INFO] response received, length: 85
01:59:24 [ INFO] response written
01:59:24 [ INFO] request read from stdin, length: 0
01:59:24 [ INFO] request: []
01:59:24 [ INFO] done

Windows Version Info

PS C:\Users\jonathan> ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
PS C:\Users\jonathan> gpg --version
gpg (GnuPG) 2.3.8
libgcrypt 1.10.1
Copyright (C) 2021 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:\Users\jonathan\AppData\Roaming\gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
PS C:\Users\jonathan> gpgconf
gpg:OpenPGP:C%3a\Program Files (x86)\GnuPG\bin\gpg.exe
gpgsm:S/MIME:C%3a\Program Files (x86)\GnuPG\bin\gpgsm.exe
keyboxd:Public Keys:C%3a\Program Files (x86)\GnuPG\bin\keyboxd.exe
gpg-agent:Private Keys:C%3a\Program Files (x86)\GnuPG\bin\gpg-agent.exe
scdaemon:Smartcards:C%3a\Program Files (x86)\GnuPG\bin\scdaemon.exe
dirmngr:Network:C%3a\Program Files (x86)\GnuPG\bin\dirmngr.exe
pinentry:Passphrase Entry:C%3a\Program Files (x86)\GnuPG\..\Gpg4win\bin\pinentry.exe

[screenshot]

WSL Version Info

[jonathan@Adair ~]$ ssh -V
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
[jonathan@Adair ~]$ gpg --version
gpg (GnuPG) 2.2.40
libgcrypt 1.10.1-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/jonathan/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
[jonathan@Adair ~]$ gpgconf
gpg:OpenPGP:/usr/bin/gpg
gpgsm:S/MIME:/usr/bin/gpgsm
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/lib/gnupg/scdaemon
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry
