YubiKey GPG inside WSL2

Install GPG4Win.

Start up Kleopatra and make sure your YubiKey is loaded there.

You can also add GPG4Win to Startup folder using a link with this Target:

"C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" /bye

This will only load the agent at Startup, and you won’t be bothered by any UI or tray agent.

Download wsl2-ssh-pageant

Put it into your Windows %userprofile%/.ssh directory (Windows dir is important for performance).

Install socat and gpg inside WSL as you would in a “normal” distro, e.g.

apt-get install -y gnupg2 gnupg-agent socat
Create profile

Create a ~/.bash_profile or ~/.zprofile (for ZSH) inside WSL:

### https://github.com/BlackReloaded/wsl2-ssh-pageant#bashzsh
SSH_DIR="${HOME}/.ssh" #
mkdir -p "${SSH_DIR}"
ln -sf "/mnt/c/Users/${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "${wsl2_ssh_pageant_bin}"

listen_socket() {
  sock_path="$1" && shift
  exec_args="${wsl2_ssh_pageant_bin} $@"

  if ! ps x | grep -v grep | grep -q "${fork_args}"; then
    rm -f "${sock_path}"
    (setsid nohup socat "UNIX-LISTEN:${fork_args}" "EXEC:${exec_args}" &>/dev/null &)

export SSH_AUTH_SOCK="${SSH_DIR}/agent.sock"
listen_socket "${SSH_AUTH_SOCK}"

export GPG_AGENT_SOCK="${HOME}/.gnupg/S.gpg-agent"
listen_socket "${GPG_AGENT_SOCK}" --gpg S.gpg-agent

# GPG extra for agent forwarding to devcontainers in VS Code
export GPG_AGENT_SOCK_EXTRA="${HOME}/.gnupg/S.gpg-agent.extra"
listen_socket "${GPG_AGENT_SOCK_EXTRA}" --gpg S.gpg-agent.extra

unset wsl2_ssh_pageant_bin

You can also create this file inside a C: drive and then create a symlink to it, e.g.

ln -s ~/.zprofile /mnt/c/WSL/scripts/.zprofile

which enables sharing of the same file across multiple WSL distros.

Log out and back into WSL.

Import Key

Import your GPG key(s) inside WSL, just as you normally would.

You’re now ready to go!

Inspired by dinvlad/YubiKey GPG inside WSL2.md

Psst, you want to know how Git Sign with GPG inside WSL2 works? Take a look!