OpenPGP card and gpg-agent --enable-ssh-support

Andreas Liebschner fizban at
Sat Sep 3 01:48:30 CEST 2005


I own a OpenPGP Card, I run gnupg-1.4.2 + gnupg-1.9.18 (so I have gpg1,
gpg-agent, scdaemon, gpgkey2ssh). I started playing with the card today,
but I had no problems at all, beside when trying to use the "A" key
stored on the card in addition to 'gpg-agent --enable-ssh-support'.

This is what I tried:

$ gpgkey2ssh $ID_OF_THE_A_KEY > key
$ scp key user at box:/home/user
[login to box]
$ mv key .ssh/authorized_keys

Also, since I thought ssh-add was of no use in my case, I touch'd
.gnupg/sshcontrol (on the box gpg-agent is running from), and added the
fingerprint of the A key stored on my card.

Then I tried:

$ ssh box

But it still asks me the actual password for the user, not the pin or
the passphrase of my gpg key. So I thought I should have added some
other fingerprint to sshcontrol, and added the 2 remaining fingerprints.
Still, it will always ask me the actual password.

So I thought gpg-agent wasn't running properly, and I created
(ssh-keygen) a keypair on the fly, added with "ssh-add", scp'd the
public key to "box". ssh to box went as it was supposed to go; so
gpg-agent is going working just fine, I guess.

Well, then I'm doing something wrong when trying to use the "A" key
stored on my card? If so, what's the right way to do it, any hint?

Also, I noticed gpgkey2ssh will always produce a ssh-rsa key, even if I
pass it the CS or the E key, is this normal?


Andreas Liebschner <fizban at>

More information about the Gnupg-users mailing list