OpenPGP card and gpg-agent --enable-ssh-support
fizban at slackware.it
Sat Sep 3 01:48:30 CEST 2005
I own a OpenPGP Card, I run gnupg-1.4.2 + gnupg-1.9.18 (so I have gpg1,
gpg-agent, scdaemon, gpgkey2ssh). I started playing with the card today,
but I had no problems at all, beside when trying to use the "A" key
stored on the card in addition to 'gpg-agent --enable-ssh-support'.
This is what I tried:
$ gpgkey2ssh $ID_OF_THE_A_KEY > key
$ scp key user at box:/home/user
[login to box]
$ mv key .ssh/authorized_keys
Also, since I thought ssh-add was of no use in my case, I touch'd
.gnupg/sshcontrol (on the box gpg-agent is running from), and added the
fingerprint of the A key stored on my card.
Then I tried:
$ ssh box
But it still asks me the actual password for the user, not the pin or
the passphrase of my gpg key. So I thought I should have added some
other fingerprint to sshcontrol, and added the 2 remaining fingerprints.
Still, it will always ask me the actual password.
So I thought gpg-agent wasn't running properly, and I created
(ssh-keygen) a keypair on the fly, added with "ssh-add", scp'd the
public key to "box". ssh to box went as it was supposed to go; so
gpg-agent is going working just fine, I guess.
Well, then I'm doing something wrong when trying to use the "A" key
stored on my card? If so, what's the right way to do it, any hint?
Also, I noticed gpgkey2ssh will always produce a ssh-rsa key, even if I
pass it the CS or the E key, is this normal?
Andreas Liebschner <fizban at slackware.it>
More information about the Gnupg-users