[PATCH 0/4] T1756 gpg-agent doesn't accept ssh certificates

Igor Okulist okigan at gmail.com
Sat Mar 27 01:35:59 CET 2021


The link to the workflow (and test script):
https://github.com/okigan/gnupg-workspace/blob/feature/tp-5487-on-2.2.24/issues/tp-5487/repro.sh#L76

On Fri, Mar 26, 2021 at 5:32 PM Igor Okulist <okigan at gmail.com> wrote:
>
> On Thu, Mar 18, 2021 at 11:25 PM NIIBE Yutaka <gniibe at fsij.org> wrote:
> >
> > Igor Okulist wrote:
> > > This set of patches updates support for certificates and
> > > addresses (at least part of) https://dev.gnupg.org/T1756.
> > >
> > > With these patches user shall be able to add RSA key and
> > > certificate to the gpg-agent and get a passwordless sign
> > > through signed certificates.
> >
> > AFAIU, ssh-agent (or gpg-agent's ssh-agent emulation) has no way to
> > _use_ certificates, when transferred from ssh-add.
> >
> > Please use -k option for ssh-add.  Then, no changes are required to
> > current implementation of gpg-agent.
> >
> > Please let us know your use case(s), if it's real.
> > --
>
>
> Thanks for the review, NIIBE,
>
> You are absolutely right, but current functionality of gpg-agent does not allow
> certificate-based login. Here is a workflow (and test script) showing usage of
> ssh-agent and gpg-agent and unfortunately it would not work with
> gpg-agent as is.
>
> So looking for a way to use gpg-agent with ssh and actually other tools as well,
> the attached patch allowed it to work, but I would be curious if there
> is another way to do that.
>
> Regards,
> Igor
