OpenPGP smartcard - authentication key

Wolfgang Rosenauer wolfgang.rosenauer at an-netz.de
Tue May 3 14:56:45 CEST 2005


Werner Koch wrote:

> If that is a 1024-bit RSA key, this is indeed possible.  The HOWTO
> will tell you:
> 
>   http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO
> 
> In short: Use gpg --edit-key and then the command keytocard.  The
> problem might be to convert an SSH key to a GnuPG key. There is no
> instant solution for 1.4 - with 1.9 and the gpg-agent SSH support is
> included and a mere ssh-add will be sufficient; but well the key is
> then stored in gpg-agent's own format.
> 
> In general I do not suggest to do this at all.  Better generate a new
> key on-card and use this as your new ssh key. It is pretty simple to
> change your ssh key and this allows you to slowly retire your old ssh
> key.

OK, I've generated an authentication key within GPG on the card.
Now there are some questions left ;-)
How to get this special public key out of the complete public-key of 
this GPG ID?
I've tried gpg -a --export KEYID but I'm not sure if this is the correct 
format for SSH usage.

The other thing is (more an OpenSSH question) how to tell openssh to use 
the key from the card?

Thanks,
  Wolfgang
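
On the format question above, an added example that is not part of the original post or of GnuPG: `gpg -a --export` produces OpenPGP packets, whereas OpenSSH expects an `ssh-rsa` line carrying the same RSA modulus and exponent in SSH wire encoding. The sketch below reads the RSA public key and subkey packets from a binary export and re-encodes one as such a line. Assumptions: the sample bytes and all function names are constructed for illustration, and the code does not read the binding signatures' key flags, so the caller has to know which subkey is the authentication key.

```python
import base64, struct

# Constructed sample: a v4 RSA primary key packet (tag 6) and a v4 RSA subkey
# packet (tag 14) with toy 16-bit moduli; real input is a binary `gpg --export`.
SAMPLE = bytes.fromhex("99000f0400000000010010c35b0011010001"
                       "b9000f0400000000010010d4a10011010001")

def read_mpi(buf, pos):  # OpenPGP MPI: 2-byte bit count, big-endian magnitude
    nbytes = (struct.unpack(">H", buf[pos:pos + 2])[0] + 7) // 8
    return int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big"), pos + 2 + nbytes

def rsa_public_packets(data):
    """Return [(tag, n, e)] for every v4 RSA public key/subkey packet."""
    found, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0x40:                      # new-format packet header
            tag, first = hdr & 0x3F, data[pos + 1]
            if first < 192:
                length, pos = first, pos + 2
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            else:
                raise ValueError("long or partial body lengths are not handled")
        else:                               # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            size = 1 << ltype
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            pos += 1 + size
        body = data[pos:pos + length]
        pos += length
        # v4 key body: version, 4-byte creation time, algorithm, then MPIs n, e
        if tag in (6, 14) and len(body) > 6 and body[0] == 4 and body[5] in (1, 2, 3):
            n, after_n = read_mpi(body, 6)
            e, _ = read_mpi(body, after_n)
            found.append((tag, n, e))
    return found

def ssh_mpint(x):
    """SSH mpint: length-prefixed, big-endian, leading 0x00 if the top bit is set."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def ssh_rsa_line(n, e, comment):
    """authorized_keys line: string 'ssh-rsa', then mpint e, then mpint n."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + ssh_mpint(e) + ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Only the public half is converted; the private key generated on the card stays on the card.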


