gpg-agent: ssh support

Moritz Schulte mo at g10code.com
Sun Jan 30 01:19:59 CET 2005


On Sat, Jan 29, 2005 at 06:26:49PM +0100, Joachim Breitner wrote:

> I got a suggestion. Would it be possible to have gpg-agent encrypt
> the ssh key with my gpg key instead of yet another password? This
> way, I would not notice the difference between whether the gpg or
> the ssh key is used, and I'd get some added value when using the
> openpgp-smartcards.

Hmm.  Well, the agent does not support this way of protecting a key at
the moment.  I don't like this idea too much, 'cause it would make the
code more complex.

Werner, what do you think about this?

Joachim: it should take little work to make the ssh emulation of
gpg-agent support the openpgp card natively.  As far as I know, most
of what is needed is there: a way to install a "shadowed" version of
the key beneath private-keys-v1.d; code in agent to divert an
operation on a shadowed key to scdaemon.

I have to admit, I have not fully understood this mechanism yet; I
have not managed to install such a shadowed key with the correct
shadow information, so that the agent can use it.  Werner: am I right
in assuming that this code (at least the part in the protect-tool
(which is to be used for this purpose, right?)) is not really usable
yet?

How can I make it work? :)

Thanks,
Moritz.

More information about the Gnupg-devel mailing list