gpg-agent: ssh support

Moritz Schulte mo at g10code.com
Fri Jan 28 21:02:20 CET 2005


Hello folks,

I have committed my changes, which add ssh-agent support to the
gpg-agent, into GNUPG-1-9-BRANCH.  What this means: gpg-agent contains
the new option `--ssh-support', which enables the ssh-agent emulation.

From the manual:

  In this mode of operation, the agent does not only implement the
  gpg-agent protocol, but also the agent protocol used by OpenSSH
  (through a separate socket).  Consequently, it should be possible to use
  the gpg-agent as a drop-in replacement for the well known ssh-agent.

  SSH keys, which are to be used through the agent, need to be added to
  the gpg-agent initially through the ssh-add utility.  When a key is
  added, ssh-add will ask for the password of the provided key file and
  send the unprotected key material to the agent; this causes the
  gpg-agent to ask for a passphrase, which is to be used for encrypting
  the newly received key and storing it in a gpg-agent specific
  directory.

  Once a key has been added to the gpg-agent this way, the gpg-agent
  will be ready to use the key.

  Note: in case the gpg-agent receives a signature request, the user
  might need to be prompted for a passphrase, which is necessary for
  decrypting the stored key.  Since the ssh-agent protocol does not
  contain a mechanism for telling the agent on which display/terminal it
  is running, gpg-agent's --ssh-support switch implies --keep-display
  and --keep-tty.  This strategy causes the gpg-agent to open a pinentry
  on the display or on the terminal, on which it (the gpg-agent) was
  started.

Comments/feedback/bug reports are very welcome; happy hacking.

Thanks,
Moritz.

-- 
Moritz Schulte
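The agent protocol the manual excerpt refers to, as an added example that is not part of the original message or of GnuPG: a small Python client that frames SSH_AGENTC_REQUEST_IDENTITIES, parses the agent's answer and lists the key types and comments an agent exposes on a socket path you supply (normally the value of SSH_AUTH_SOCK). Message numbers are taken from OpenSSH's PROTOCOL.agent; the comment returned for each key is whatever ssh-add sent when the key was added.

```python
# Added example, not GnuPG code: minimal client for the OpenSSH agent
# protocol that `gpg-agent --ssh-support` emulates.
import socket
import struct

SSH_AGENT_FAILURE = 5              # message numbers from OpenSSH's PROTOCOL.agent
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def ssh_string(data: bytes) -> bytes:
    # SSH 'string': uint32 big-endian length followed by the bytes
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    # decode an SSH 'string' at offset; return (bytes, new offset)
    n = struct.unpack_from(">I", buf, off)[0]
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_request_identities() -> bytes:
    # every agent message is framed as uint32 length + type byte + payload
    return ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))

def parse_identities_answer(msg: bytes):
    # unframed IDENTITIES_ANSWER body -> list of (key type, comment)
    if msg[0] == SSH_AGENT_FAILURE:
        raise RuntimeError("agent refused the request")
    if msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected agent message type %d" % msg[0])
    count = struct.unpack_from(">I", msg, 1)[0]
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(msg, off)      # public key in wire format
        comment, off = read_string(msg, off)   # comment given to ssh-add
        ktype, _ = read_string(blob, 0)        # wire format starts with the type name
        keys.append((ktype.decode(), comment.decode("utf-8", "replace")))
    return keys

def recv_exact(sock, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("agent closed the socket early")
        data += chunk
    return data

def list_identities(sock_path: str):
    # ask the agent listening on sock_path (normally $SSH_AUTH_SOCK) for its keys
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(build_request_identities())
        length = struct.unpack(">I", recv_exact(s, 4))[0]
        return parse_identities_answer(recv_exact(s, length))
```

Run `list_identities(os.environ["SSH_AUTH_SOCK"])` against a gpg-agent started with --ssh-support to confirm which keys it is willing to sign with; an empty list before any ssh-add is the expected state.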