Howto add ssh keys to .gnupg/sshcontrol?

Werner Koch wk at gnupg.org
Mon Oct 9 19:48:48 CEST 2006


On Mon,  9 Oct 2006 12:11, Michael Bienia said:

> The comment also mentions that one can add it manually by adding a
> keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> add it manually?

Is this for a key from an OpenPGP card?

I see that we need a tool to display the keygrip.  What you can do now
is to use this workaround:

$ echo scd learn --force | gpg-connect-agent | grep KEYPAIRINFO
S KEYPAIRINFO AB820B6FB3CB34AEF54429140D0810190132738D OPENPGP.1
S KEYPAIRINFO 6033BB648CA5EA607457880D899A587C9EEB0B9F OPENPGP.2
S KEYPAIRINFO BDA5176784C7A7CE8F15AE629E3F6203E3CA42BF OPENPGP.3

What you want is the keygrip from the OPENPGP.3 line.  Unfortunately
this works only with the latest gpg-agent from gnupg 1.9.91.

Another way of looking at the keygrip is when using an X.509 key:
"gpgsm --dump-key <certspec>" also shows the keygrip.

If you want to use an existing ssh key with gpg-agent, it is far
easier:

  ssh-add

and gpg-agent will pop up a window to ask you for a new passphrase to
protect an existing ssh key under gpg-agent.  gpg-agent then creates
a copy of the private key in its own key storage
(~/.gnupg/private-keys-v1.d/) and adds an entry to sshcontrol.  If you
use "ssh-add -l" or -L the key will get listed.  BTW, the keygrip is
the name of the file as stored in the private-keys directory.  To
print this file in a non-binary format, you may use "gpg-protect-tool
<thatfile>".


Shalom-Salam,

   Werner
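
The workaround above as a script, added here as an example and not part of the original message: it picks the OPENPGP.3 keygrip out of the KEYPAIRINFO lines, checks that it is 40 hex digits, and appends it to an sshcontrol file only if it is not already listed. The function names are hypothetical and the sample input is the output quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Sample input: the KEYPAIRINFO lines quoted in the message above.
SAMPLE_OUTPUT='S KEYPAIRINFO AB820B6FB3CB34AEF54429140D0810190132738D OPENPGP.1
S KEYPAIRINFO 6033BB648CA5EA607457880D899A587C9EEB0B9F OPENPGP.2
S KEYPAIRINFO BDA5176784C7A7CE8F15AE629E3F6203E3CA42BF OPENPGP.3'

# keygrip_for ID: read gpg-connect-agent status lines on stdin and print
# the keygrip (upper case) of the key whose id is ID, e.g. OPENPGP.3.
keygrip_for() {
    awk -v id="$1" \
        '$1 == "S" && $2 == "KEYPAIRINFO" && $4 == id { print toupper($3); exit }'
}

# is_keygrip VALUE: succeed only if VALUE is exactly 40 hex digits.
is_keygrip() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# add_to_sshcontrol FILE KEYGRIP: append KEYGRIP on its own line unless FILE
# already lists it. Assumption: one keygrip per line; a leading "!" is how
# the gpg-agent documentation marks a disabled entry, so such an entry is
# left alone instead of being re-enabled by a second line.
add_to_sshcontrol() {
    sc_file=$1
    sc_grip=$2
    is_keygrip "$sc_grip" || { echo "not a keygrip: $sc_grip" >&2; return 1; }
    if [ -f "$sc_file" ] &&
       grep -Eiq "^!?${sc_grip}([[:space:]]|\$)" "$sc_file"; then
        return 0
    fi
    # New files are created readable by the owner only.
    ( umask 077; printf '%s\n' "$sc_grip" >> "$sc_file" )
}

# Demo on the sample input; on a real system the input would come from
#   echo scd learn --force | gpg-connect-agent
printf '%s\n' "$SAMPLE_OUTPUT" | keygrip_for OPENPGP.3
```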
