OpenPGP smartcard - authentication key
Wolfgang Rosenauer
wolfgang.rosenauer at an-netz.de
Tue May 3 14:56:45 CEST 2005
Werner Koch wrote:
> If that is an 1024 bit RSA key, this is indeed possible. The HOWTO
> will tell you:
>
> http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO
>
> In short: Use gpg --edit-key and then the command keytocard. The
> problem might be to convert an SSH key to a GnuPG key. There is no
> instant solution for 1.4 - with 1.9 and the gpg-agent SSH support is
> included and a mere ssh-add will be suffcient; but well the key is
> then stored in gpg-agent's own format.
>
> In general I do not suggest to do this at all. Better generate a new
> key on-card and use this as your new ssh key. It is pretty simple to
> change your ssh key and this allows you to slowly retire your old ssh
> key.
OK, I've generated an authentication key within GPG on the card.
Now there are some questions left ;-)
How to get this special public key out of the complete public-key of
this GPG ID?
I've tried gpg -a --export KEYID but I'm not sure if this is the correct
format for SSH usage.
The other thing is (more an OpenSSH question) how to tell openssh to use
the key from the card?
Thanks,
Wolfgang
More information about the Gnupg-users
mailing list