GNUPG-1-9-BRANCH gnupg/doc (ChangeLog gpg-agent.texi)
cvs user mo
cvs at cvs.gnupg.org
Thu Jan 27 00:07:07 CET 2005
Date: Thursday, January 27, 2005 @ 00:15:43
Author: mo
Path: /cvs/gnupg/gnupg/doc
Tag: GNUPG-1-9-BRANCH
Modified: ChangeLog gpg-agent.texi
2005-01-27 Moritz Schulte <moritz at g10code.com>
* gpg-agent.texi: Document ssh-agent emulation layer.
----------------+
ChangeLog | 4 ++++
gpg-agent.texi | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
Index: gnupg/doc/ChangeLog
diff -u gnupg/doc/ChangeLog:1.39.2.23 gnupg/doc/ChangeLog:1.39.2.24
--- gnupg/doc/ChangeLog:1.39.2.23 Thu Jan 13 19:00:46 2005
+++ gnupg/doc/ChangeLog Thu Jan 27 00:15:42 2005
@@ -1,3 +1,7 @@
+2005-01-27 Moritz Schulte <moritz at g10code.com>
+
+ * gpg-agent.texi: Document ssh-agent emulation layer.
+
2005-01-04 Werner Koch <wk at g10code.com>
* gnupg.texi: Updated to use @copying.
Index: gnupg/doc/gpg-agent.texi
diff -u gnupg/doc/gpg-agent.texi:1.1.2.14 gnupg/doc/gpg-agent.texi:1.1.2.15
--- gnupg/doc/gpg-agent.texi:1.1.2.14 Tue Dec 21 20:05:15 2004
+++ gnupg/doc/gpg-agent.texi Thu Jan 27 00:15:42 2005
@@ -326,6 +326,37 @@
window system's @code{DISPLAY} variable. This is useful to lock the
pinentry to pop up at the @sc{tty} or display you started the agent.
+ at item --ssh-support
+ at itemx --ssh-support
+ at opindex ssh-support
+ at opindex ssh
+
+Enable emulation of the OpenSSH Agent protocol.
+
+In this mode of operation, the agent does not only implement the
+gpg-agent protocol, but also the agent protocol used by OpenSSH
+(through a seperate socket). Consequently, it should possible to use
+the gpg-agent as a drop-in replacement for the well known ssh-agent.
+
+SSH Keys, which are to be used through the agent, need to be added to
+the gpg-agent initially through the ssh-add utility. When a key is
+added, ssh-add will ask for the password of the provided key file and
+send the unprotected key material to the agent; this causes the
+gpg-agent to ask for a passphrase, which is to be used for encrypting
+the newly received key and storing it in a gpg-agent specific
+directory.
+
+Once, a key has been added to the gpg-agent this way, the gpg-agent
+will be ready to use the key.
+
+Note: in case the gpg-agent receives a signature request, the user
+might need to be prompted for a passphrased, which is necessary for
+decrypting the stored key. Since the ssh-agent protocol does not
+contain a mechanism for telling the agent on which display/terminal it
+is running, gpg-agent's --ssh-support switch implies --keep-display
+and --keep-tty. This strategy causes the gpg-agent to open a pinentry
+on the display or on the terminal, on which it (the gpg-agent) was
+started.
@end table
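Review bot: The itemx line directly under the item line repeats the same option name, "--ssh-support", so it adds nothing to the table entry; drop it, and drop the "opindex ssh" entry as well unless a "--ssh" spelling of the option exists (none is documented in this hunk). The text says the OpenSSH protocol is served "through a seperate socket" but never says how a client locates that socket, and it names the key storage location only as "a gpg-agent specific directory"; since ssh-add sends the agent unprotected key material, stating both would let an administrator verify their permissions. Spelling to fix in the added paragraphs: "seperate" should be "separate", "it should possible" should be "it should be possible", "Once, a key" should be "Once a key", and "a passphrased" should be "a passphrase".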
@@ -396,6 +427,9 @@
@node Agent Protocol
@section Agent's Assuan Protocol
+Note: this section does only document the protocol, which is used by
+GnuPG components; it does not deal with the ssh-agent protocol.
+
The @command{gpg-agent} should be started by the login shell and set an
environment variable to tell clients about the socket to be used.
Clients should deny to access an agent with a socket name which does
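Review bot: The note added at the top of the "Agent's Assuan Protocol" section says what the section leaves out but gives the reader no pointer to where the ssh-agent side is described; add a cross-reference to the --ssh-support option entry added earlier in this patch. The wording "does only document the protocol, which is used by GnuPG components" would read better as "documents only the protocol used by GnuPG components", since the comma turns the restriction into an aside.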