gpg-agent: ssh support
mail at joachim-breitner.de
Sat Jan 29 18:26:49 CET 2005
Hi Moritz, hi List,
good news, thanks so far.
I got a suggestion. Would it be possible to have gpg-agent encrypt the
ssh key with my gpg key instead of yet another password? This way, I
would not notice the difference between whether the gpg or the ssh key
is used, and I'd get some added value when using the openpgp-smartcards.
BTW: Today I hacked your poldi code to read the PIN from the login data
field from the card. I'll fix up the code and send you a patch maybe
tomorrow, but you might want to implement it differently, more cleanly
On Friday, 28.01.2005, 21:02 +0100, Moritz Schulte wrote:
> Hello folks,
> I have committed my changes, which add ssh-agent support to the
> gpg-agent, into GNUPG-1-9-BRANCH. What this means: gpg-agent contains
> the new option `--ssh-support', which enables the ssh-agent emulation.
> From the manual:
> In this mode of operation, the agent does not only implement the
> gpg-agent protocol, but also the agent protocol used by OpenSSH
> (through a separate socket). Consequently, it should be possible to use
> the gpg-agent as a drop-in replacement for the well known ssh-agent.
> SSH Keys, which are to be used through the agent, need to be added to
> the gpg-agent initially through the ssh-add utility. When a key is
> added, ssh-add will ask for the password of the provided key file and
> send the unprotected key material to the agent; this causes the
> gpg-agent to ask for a passphrase, which is to be used for encrypting
> the newly received key and storing it in a gpg-agent specific
> Once, a key has been added to the gpg-agent this way, the gpg-agent
> will be ready to use the key.
> Note: in case the gpg-agent receives a signature request, the user
> might need to be prompted for a passphrase, which is necessary for
> decrypting the stored key. Since the ssh-agent protocol does not
> contain a mechanism for telling the agent on which display/terminal it
> is running, gpg-agent's --ssh-support switch implies --keep-display
> and --keep-tty. This strategy causes the gpg-agent to open a pinentry
> on the display or on the terminal, on which it (the gpg-agent) was
> Comments/feedback/bug reports are very welcome; happy hacking.
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
e-Mail: mail at joachim-breitner.de
Please do not send me Word or PowerPoint attachments.