adding passphrases to gpg-agent

Jorge Almeida jalmeida at math.ist.utl.pt
Fri Nov 24 15:07:59 CET 2006


On Fri, 24 Nov 2006, Werner Koch wrote:

>
> That is how you use gpg-agent.  Really, it is a plug-in replacement of
> ssh-agent.  It works differently internally but at a user level it is
> very similar.
>
My talk about ssh-agent may have induced you in error. My fault.
I was not comparing ssh-agent with gpg-agent as replacement for
ssh-agent! I mentioned my setup of ssh-agent just to give an idea of
what I was trying to accomplish. In other words, I wanted a similar
setup for gpg-agent but only for its uses of signing and encrypting, not
for ssh authentication.
Correct me if I'm wrong, but there is no way to add passphrases other
than by using it for some signing or encrypting. And how to do it from a
remote box? I know about X forwarding, but I don't want to use it (slow
& clumsy). And pinentry-curses didn't work for me, even at the local
box. Even assuming that there was some misconfiguration that caused
this, I think a CLI way to add passphrases was a natural thing to
expect, at least for UNIX users (of course, this would not be
incompatible with graphical alternatives).

> For example, you don't need to use ssh-add every time after starting
> the agent.  You do it only once and gpg-agent will store the entire
> key on disk and not just in memory as ssh-agent does.  If you later
What about the passphrase gpg-agent asks when adding the key via
ssh-add? Is it needed only after gpg-agent receives a TERM or HUP? And
is it the same for all keys stored?
> want to control what ssh keys are available to gpg-agent, you can edit
> the ~/.gnupg/sscontrol file and give gpg-agent a HUP.
>
Interesting. I didn't have a real close look at gpg-agent as ssh-agent
replacement yet, but the --enable-ssh-support entry in
http://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options
says that a different socket is opened for this functionality. But then
a client would know about it only through inheriting an env variable; I
would use the --use-standard-socket for gpg-agent signing/encryption
socket, but what about the other socket?
>
Cheers,

Jorge


