Can I leverage Windows authentication to use my private GPG key?

I would be perfectly satisfied to have the password of my GPG key need to be the same as my Windows password. If there isn’t some tool that already does this,

No, that wouldn't be very useful. Windows does not give GPG or other (normal) software any access to your login password. In fact most places would consider it to be a major security hole if a program had access to the login credentials remembered by Windows (see e.g. the need for Credential Guard).

Passwords used by apps should be independent and only stored through the Credential Manager API, or encrypted using DPAPI, or at least in an EFS-encrypted file (in all three cases the encryption key is protected by your login password). Though, a downside is that any app, not just GPG, can access them.

The GPG pinentry app (the one which displays password popups) has, at least on Linux, the ability to save passwords in the OS credential manager (i.e. libsecret). If you're using Gpg4Win or something like that, it would be a sensible feature request to add similar functionality to the Windows version of pinentry.

(It would be possible to write your own pinentry, such as this pinentry-wsl-ps1.)
Somewhat more secure would be to pass through the signing/decryption requests to a private key that's still stored on your local machine (similar to how ssh-agent works). Over Remote Desktop, this is natively possible and indeed almost completely transparent with smartcards and software using the Windows cryptographic API (CAPI and CNG).

The downside is, you do need a smartcard for this to work. For example, a Yubikey NEO connected locally might be detected by GPG's scdaemon on the remote end.
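As an added example (not part of the answer above, and not code from GnuPG or Gpg4win), this PowerShell script follows the answer's recommendation of protecting a GPG passphrase with DPAPI in the CurrentUser scope, so that unprotecting it depends on the user's Windows logon, and then feeds the passphrase to gpg on stdin instead of going through pinentry. The blob path, the entropy string and the gpg command line are assumptions to adapt to your setup.

```powershell
# Added example (not from the original answer): keep a GPG passphrase under DPAPI
# so that only this Windows account, logged on with its own password, can unprotect it.
Add-Type -AssemblyName System.Security   # provides System.Security.Cryptography.ProtectedData

# Assumed location for the protected blob; adjust to taste.
$BlobPath = Join-Path $env:LOCALAPPDATA 'gpg-passphrase.dpapi'
# Optional extra entropy: DPAPI mixes it into the key, so another app running as the
# same user must also know this value to unprotect the blob. It narrows the
# "any app can read it" downside the answer mentions; it does not remove it.
$Entropy = [Text.Encoding]::UTF8.GetBytes('gpg-passphrase-v1')   # assumed value

function Protect-GpgPassphrase {
    param([Parameter(Mandatory)][securestring]$Passphrase)
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Passphrase)
    try { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    $bytes = [Text.Encoding]::UTF8.GetBytes($plain)
    $blob = [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $Entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    [Array]::Clear($bytes, 0, $bytes.Length)   # scrub the plaintext copy
    [IO.File]::WriteAllBytes($BlobPath, $blob)
}

function Unprotect-GpgPassphrase {
    $blob = [IO.File]::ReadAllBytes($BlobPath)
    $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $Entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    $plain = [Text.Encoding]::UTF8.GetString($bytes)
    [Array]::Clear($bytes, 0, $bytes.Length)
    return $plain
}

# One-time setup: prompt for the passphrase and store the DPAPI blob.
if (-not (Test-Path $BlobPath)) {
    Protect-GpgPassphrase -Passphrase (Read-Host -AsSecureString 'GPG passphrase')
}

# Later use: hand the passphrase to gpg on stdin instead of through pinentry.
# --pinentry-mode loopback and --passphrase-fd 0 are GnuPG 2.1+ options.
Unprotect-GpgPassphrase | & gpg --batch --pinentry-mode loopback --passphrase-fd 0 `
    --decrypt 'C:\path\to\file.gpg'   # assumed input file
```

The blob only unprotects for the same Windows account, which is the "encryption key is protected by your login password" property the answer describes; a non-ASCII passphrase piped to a native command in Windows PowerShell 5.1 is re-encoded according to `$OutputEncoding`, so set that to UTF-8 first if your passphrase needs it.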