GPG Forwarding is a secure and convenient tool that enables you to use your Windows-based GnuPG keys on remote Linux systems. It establishes a secure tunnel between your Windows GPG agent and remote Linux machines, allowing you to sign, encrypt, and decrypt files remotely without transferring your private keys.
- Secure Key Forwarding: Use your local Windows GPG keys on remote Linux systems without exposing private keys
- Auto Port Selection: Automatically finds an available port for forwarding
- Public Key Export: Option to export and import specific GPG public keys to remote systems
- Intelligent Error Handling: Properly handles network interruptions and user termination
- Clean Cleanup: Properly cleans up resources on both local and remote machines
- Session Isolation: Supports multiple simultaneous forwarding sessions with port-specific scripts
- Windows Subsystem for Linux 2 (WSL2)
- GnuPG installed and configured on both Windows and the remote Linux system
- npiperelay.exe for Windows named pipe access
- socat for socket forwarding
- ssh with remote port forwarding capabilities
- Clone this repository:
  git clone https://github.com/yourusername/gpg-forwarding.git
  cd gpg-forwarding
- Make the script executable:
  chmod +x gpg-forward.sh
- Ensure all dependencies are installed:
  # On Windows (using winget)
  winget install albertony.npiperelay
  # In WSL
  sudo apt install gnupg socat openssh-client
./gpg-forward.sh <remote-host>
By default, the script automatically selects an available port. You can specify a custom port if needed:
./gpg-forward.sh --port=12345 <remote-host>
To export and import your public key to the remote system:
./gpg-forward.sh [email protected] <remote-host>
./gpg-forward.sh [email protected] --port=auto <remote-host>
GPG -> Unix socket -> socat -> TCP port -> SSH secure tunnel -> TCP port -> socat -> npiperelay -> Windows GPG agent
- The script locates your Windows GPG agent socket
- It uses npiperelay.exe and socat to create a TCP socket accessible from WSL
- It creates a remote script with a unique port-specific name
- It establishes an SSH connection with remote port forwarding
- On the remote system, it creates a Unix socket that forwards to the TCP port
- GPG on the remote system accesses this Unix socket
- The script handles this forwarding process, including cleanup on termination
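The data path above, written out as the three commands it implies. This is an added example, not the project's gpg-forward.sh; the function names, the agent socket path in PIPE, and the sample port and host are assumptions.

```shell
#!/bin/sh
# Added example: prints the three commands behind the data path above.
# Function names, PIPE, PORT and HOST are assumptions, not gpg-forward.sh's own.
set -eu

PIPE='C:/Users/me/AppData/Local/gnupg/S.gpg-agent'  # constructed sample path

# The port is pasted into commands on two hosts: accept digits only, 1024-65535.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# WSL side: loopback-only TCP listener relayed to the Windows agent.
# npiperelay -a treats the target as a libassuan socket file.
local_relay_cmd() {
  valid_port "$1" || return 1
  printf "socat TCP-LISTEN:%s,bind=127.0.0.1,reuseaddr,fork EXEC:'npiperelay.exe -ei -ep -a \"%s\"',nofork\n" "$1" "$PIPE"
}

# SSH remote forward, both ends pinned to loopback; fail if the bind fails.
ssh_forward_cmd() {
  valid_port "$1" || return 1
  case "$2" in ''|-*) return 1 ;; esac   # a leading '-' would be read as an option
  printf 'ssh -o ExitOnForwardFailure=yes -R 127.0.0.1:%s:127.0.0.1:%s %s\n' "$1" "$1" "$2"
}

# Remote side: owner-only Unix socket where gpg expects its agent.
remote_socket_cmd() {
  valid_port "$1" || return 1
  printf 'socat UNIX-LISTEN:"$(gpgconf --list-dirs agent-socket)",unlink-early,mode=600,fork TCP:127.0.0.1:%s\n' "$1"
}

PORT=23456; HOST=remote-host   # constructed sample values
local_relay_cmd "$PORT"
ssh_forward_cmd "$PORT" "$HOST"
remote_socket_cmd "$PORT"
```

The mode=600 on the Unix socket does not cover the TCP hop: a loopback port on the remote host is reachable by every local account there, so the forwarded agent is only as private as that host's user list.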
To stop forwarding, simply press Ctrl+C in the terminal where the script is running. The script will automatically clean up resources on both local and remote systems.
- Port Conflicts: If you receive port binding errors, try again; by default the script chooses a random port. You can also use --port=xxxxx to specify your desired port.
- Permission Issues: Ensure your SSH user has proper permissions on the remote system
- Authentication Failures: Make sure your SSH keys are properly set up for the remote host
- GPG Agent Not Found: Verify that GPG is running in Windows and the agent socket exists
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
- npiperelay for providing Windows named pipe access
- GnuPG for the encryption software
- socat for the socket forwarding capabilities