How to use keychain for ssh and gpg

You can use keychain to re-use ssh-agent and/or gpg-agent between logins. In this example we show how you can add two ssh keys (ed25519 and RSA) and your gpg key to keychain.

First make sure you have already created your ssh keys and gpg keys. Then run the following command in your terminal:

eval $(keychain --nogui --eval --agents ssh,gpg --quick [ssh_key_filenames ...] [gpg-key-id])

For example, if we have two ssh keys (id_ed25519 and id_rsa) and a gpg key id (8F3FB7BD7A6BF71D):

eval $(keychain --nogui --eval --agents ssh,gpg --quick id_ed25519 id_rsa 8F3FB7BD7A6BF71D)

Automatically loading keychain on login

You can place this line in your ~/.profile to automatically load your keychain for a login shell. Add the option --quiet to hide any messages printed to your terminal.
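
A more defensive ~/.profile fragment, added here as an example (it is not part of keychain itself). It does nothing if keychain is not installed and passes only the ssh key files that exist on this machine, so the same profile can be shared between hosts. The function names keychain_args and load_keychain are made up for this example; the key names and gpg key id are the ones from the example above.

```shell
# Added example for ~/.profile (POSIX sh).
# keychain_args and load_keychain are hypothetical helper names.

# Print the key arguments to hand to keychain:
#   $1   directory holding the ssh private keys
#   $2   gpg key id (may be empty)
#   $3.. candidate ssh key file names
# Only key files that exist are kept, followed by the gpg key id.
keychain_args() {
    dir=$1
    gpgid=$2
    shift 2
    out=
    for k in "$@"; do
        if [ -f "$dir/$k" ]; then
            out="$out $k"
        fi
    done
    if [ -n "$gpgid" ]; then
        out="$out $gpgid"
    fi
    printf '%s\n' "${out# }"
}

load_keychain() {
    # Skip silently on machines without keychain.
    command -v keychain >/dev/null 2>&1 || return 0
    keys=$(keychain_args "$HOME/.ssh" 8F3FB7BD7A6BF71D id_ed25519 id_rsa)
    if [ -z "$keys" ]; then
        return 0
    fi
    # $keys is left unquoted on purpose so it splits into separate arguments.
    eval "$(keychain --nogui --eval --quiet --agents ssh,gpg --quick $keys)"
}

load_keychain
```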

GPG key cache expiration

To control how long gpg-agent caches the passphrase of your GPG key before you have to enter it again, create the file ~/.gnupg/gpg-agent.conf and set these two parameters:

default-cache-ttl 86400
max-cache-ttl 604800

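Both values are given in seconds. Using these settings, a cache entry will be valid for 24 hours (default-cache-ttl). Each time a cache entry is accessed, the entry's timer is reset. Regardless of how recently it was accessed, an entry may be valid for a maximum of 7 days (max-cache-ttl).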