Remote use of keys on smartcard via gnupg-agent?

Jimmy Kaplowitz jimmy at kaplowitz.org
Wed Mar 29 01:58:22 CEST 2006


Hi,

I know that gnupg-agent can allow remote use of OpenPGP keys on a
locally-connected smartcard machine to authenticate an ssh connection
from one remote machine to another.  Access to the OpenPGP keys is
forwarded over the first ssh connection to the GPG agent as necessary,
without actually transferring the keys over the wire. (Please correct me
if I misunderstand this.)

What I'd like to do is forward access to those keys from the local
machine to a remote machine, but instead of using them to authenticate
ssh, I'd like to use them to sign or decrypt messages on the remote
machine, with a remote copy of gpg talking to the forwarded gpg-agent
just as it would talk to a non-forwarded copy on that machine. Is there
a way to do this, or can it be added?

I currently access my email via mutt over SSH, and therefore my private
key is currently stored on that remote server. I am fully aware how bad
of an idea this is, and so if what I ask above is possible, I plan to
move my private key to a secure offline location, put subkeys on a
smartcard that I take with me, and forward access to them over SSH to
the remote email server for routine use. Hopefully I'm not the only one
who wants this.

Thanks.

- Jimmy Kaplowitz
jimmy at kaplowitz.org


