Remote use of keys on smartcard via gnupg-agent?

Raphaël Poss gnupg at
Wed Mar 29 11:26:08 CEST 2006

Hi Jimmy,

Jimmy Kaplowitz wrote:

> I currently access my email via mutt over SSH, and therefore my private
> key is currently stored on that remote server. I am fully aware how bad
> of an idea this is, and so if what I ask above is possible, I plan to
> move my private key to a secure offline location, put subkeys on a
> smartcard that I take with me, and forward access to them over SSH to
> the remote email server for routine use. Hopefully I'm not the only one
> who wants this.

People who are serious about security would probably like to have the 
crypto done by the smartcard itself, or at least the computer they are 
sitting in front of. Therefore a better setup would be to have the 
encrypted data transmitted from your distant ssh host to your local host 
for decryption, and decrypted data sent back to your ssh host for use 
(or just viewed locally).

If you are just using mutt in your remote ssh shell, you could configure 
manually something along these lines:

1. connect to your remote ssh host using remote port forwarding, with 

2. on your local host, run something like this in an interactive shell:

   while true; do nc -l 4242 | gpg ; done

3. configure your remote mutt to send the encrypted data to port 4242 on 
the same host, so that it gets forwarded back via your ssh connection.

This way your local gpg will get its input from the remote mutt.

I did not test this, but you get the idea.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060329/70ca3973/signature.pgp

More information about the Gnupg-users mailing list