Pageant proxy to gpg-agent

NIIBE Yutaka gniibe at fsij.org
Tue Jan 22 07:33:04 CET 2013


On 2013-01-21 at 10:06 +0100, Werner Koch wrote:
> On Mon, 21 Jan 2013 08:20, gniibe at fsij.org said:
> 
> > (1) fopen with "wx" seems not to be supported on Windows
> 
> Yes, it is a GNU extension.  IIRC, I replaced fopen by es_fopen while
> working on the Windows CE port.  Thus 2.1 should have solved this
> portability problem.  Shall we backport it?
> 
> > (2) When I sent a request of SSH2 REQUEST IDENTITIES, it failed.  The
> >     output of log of GPG-Agent is like this:
> 
> Are we talking about 2.0 or 2.1?  While supporting ECC in 2.1, I fixed a
> couple of flaws.

I was talking about GnuPG 2.0.17 on Windows.  I am using GPG4Win
(2.1.1 beta).

I think that it's good to backport the changes from 2.1 to 2.0.

> > looked through the code of Cygwin, and I realized that the way to
> > implement Unix Socket Emulation is mostly the same as GnuPG, but differs a
> > bit.  I think that it is good to run GnuPG's SSH-agent feature as
> 
> Cygwin is very different from native Windows.  I don't know what Cygwin
> does (I have not looked at it for more than a decade) but GnuPG uses
> local TCP sockets along with a random nonce; thus there are a few extra
> bytes at the start of a connection.  The reason to use TCP+random is
> that it allows restricting connections to the localhost.

Today, I did an experiment for SSH-agent-proxy (against Cygwin
OpenSSH), and it worked for me.

Cygwin's emulation is like this:

   (1) For an AF_LOCAL socket, it creates a file with
       FILE_ATTRIBUTE_SYSTEM.  The content format is:

           "!<socket >%d %c %08x-%08x-%08x-%08x\x00"

       %d is the port number, %c the kind of socket (s for STREAM), and
       the 16 random bytes are the nonce.

   (2) It uses TCP.  After the TCP connection is established, the client
       sends the nonce, and the server receives the nonce and checks it.
       The server sends the nonce back, and the client receives it (I
       don't know the reason for this).

       Then the client sends credential information (pid, uid, gid) to
       the server.  The server receives it, and sends back its own
       credential information to the client.

   (3) After this initial transaction, communication goes as normal.

I think that support for Cygwin Unix domain sockets can be implemented
as an enhancement of libassuan.  Perhaps it's just a matter of adding a
flag (or functions) to support Cygwin-compatible AF_LOCAL sockets.
-- 
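The socket-file format and the nonce/credential handshake described in the message above, as an added example that is not Cygwin's, GnuPG's or libassuan's own code: a parser for the "!<socket >" file and both sides of the connection setup run over a local socketpair. Two details are assumptions of this example rather than facts from the message: the four printed hex words are sent on the wire as 32-bit little-endian integers, and the credentials travel as three little-endian 32-bit integers (pid, uid, gid). A client presenting a wrong nonce is rejected before any credentials are exchanged, which is the point of the nonce: only something that could read the socket file can connect.

```python
import hmac
import re
import socket
import struct
import threading

# Constructed sample of a Cygwin-style socket file following the format
# "!<socket >%d %c %08x-%08x-%08x-%08x\x00" quoted in the message.
SAMPLE_SOCKET_FILE = b"!<socket >54321 s 0123abcd-89ef4567-deadbeef-00c0ffee\x00"

_SOCKET_FILE_RE = re.compile(
    rb"^!<socket >(\d+) ([a-z]) ([0-9a-f]{8})-([0-9a-f]{8})-([0-9a-f]{8})-([0-9a-f]{8})\x00$"
)

# Wire layout of the credential block (pid, uid, gid): assumed for this example.
CRED_FMT = "<iii"


def parse_socket_file(content: bytes):
    """Return (port, kind, nonce_bytes) parsed from a socket file.

    Packing the four hex words as little-endian 32-bit integers to obtain
    the 16 wire bytes is an assumption of this example.
    """
    m = _SOCKET_FILE_RE.match(content)
    if m is None:
        raise ValueError("not a Cygwin-style socket file")
    port = int(m.group(1))
    kind = m.group(2).decode()
    words = [int(m.group(i), 16) for i in range(3, 7)]
    return port, kind, struct.pack("<4I", *words)


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def client_handshake(sock, nonce, creds):
    """Client side: send nonce, expect it echoed, then swap credentials."""
    sock.sendall(nonce)
    if _recv_exact(sock, len(nonce)) != nonce:
        raise ConnectionError("server did not echo the nonce")
    sock.sendall(struct.pack(CRED_FMT, *creds))
    return struct.unpack(CRED_FMT, _recv_exact(sock, struct.calcsize(CRED_FMT)))


def server_handshake(sock, expected_nonce, creds):
    """Server side: verify the client's nonce, echo it, then swap credentials."""
    got = _recv_exact(sock, len(expected_nonce))
    # Constant-time comparison: the nonce is the access secret for this socket.
    if not hmac.compare_digest(got, expected_nonce):
        sock.close()  # reject before any credentials are exchanged
        raise PermissionError("bad nonce: connection rejected")
    sock.sendall(got)
    client_creds = struct.unpack(CRED_FMT, _recv_exact(sock, struct.calcsize(CRED_FMT)))
    sock.sendall(struct.pack(CRED_FMT, *creds))
    return client_creds


def run_demo(server_nonce, client_nonce=None):
    """Run both sides over a socketpair; returns {"client": ..., "server": ...}.

    Each value is the credential tuple the side received, or the exception
    raised when the handshake was rejected.
    """
    if client_nonce is None:
        client_nonce = server_nonce
    a, b = socket.socketpair()
    result = {}

    def server():
        try:
            result["server"] = server_handshake(b, server_nonce, (4242, 1000, 1000))
        except PermissionError as exc:
            result["server"] = exc

    t = threading.Thread(target=server)
    t.start()
    try:
        result["client"] = client_handshake(a, client_nonce, (777, 1000, 1000))
    except ConnectionError as exc:
        result["client"] = exc
    t.join()
    a.close()
    b.close()
    return result


if __name__ == "__main__":
    port, kind, nonce = parse_socket_file(SAMPLE_SOCKET_FILE)
    print("port", port, "kind", kind, "nonce", nonce.hex())
    print("good nonce:", run_demo(nonce))
    print("bad nonce: ", run_demo(nonce, client_nonce=bytes(16)))
```

The demo uses a socketpair instead of a loopback TCP connection so it runs without binding a port, but the byte sequence on the wire is the same as the message describes: nonce, echoed nonce, client credentials, server credentials.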