$ gpg --version
gpg (GnuPG/MacGPG2) 2.2.8
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /Users/user/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Basically the problem boils down to the error which occurs on file systems that can't handle sockets (like Windows FAT32 default for flash drives):
gpg: can't connect to the agent: IPC connect call failed
Assuming that removable drive mounted at /Volumes/ENCFLASH
and there is a folder gnupg
that resembles default .gnupg
directory structure.
Go to the directory with private keys (cd /Volumes/ENCFLASH/gnupg
) on the mounted drive and replace all potential socket files (S.dirmngr
, S.gpg-agent.ssh
, S.gpg-agent.extra
, S.gpg-agent.browser
, S.gpg-agent
) with plain text files with config to redirect socket to the default location:
%Assuan%
socket=${HOME}/.gnupg/S.dirmngr
Here is a script to do it:
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.dirmngr' > S.dirmngr
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.ssh' > S.gpg-agent.ssh
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.extra' > S.gpg-agent.extra
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent.browser' > S.gpg-agent.browser
echo '%Assuan%\nsocket=${HOME}/.gnupg/S.gpg-agent' > S.gpg-agent
— via ArchWiki.
Restart gpg-agent
while on removable:
$ killall gpg-agent
# `gpg` v2 will automatically start `gpg-agent`
$ gpg --list-secret-keys --homedir "$(pwd)"
gpg: WARNING: unsafe permissions on homedir '/Volumes/ENCFLASH/gnupg'
gpg: DBG: locking for '/Volumes/ENCFLASH/gnupg/gnupg_spawn_agent_sentinel.lock' done via O_EXCL
/Volumes/ENCFLASH/gnupg/pubring.gpg
-------------------------------------------
…
You now should be able to see (sec
instead of sec#
) and use private keys stored on removable drive.