Howto add ssh keys to .gnupg/sshcontrol?

Werner Koch wk at
Mon Oct 9 19:48:48 CEST 2006

On Mon,  9 Oct 2006 12:11, Michael Bienia said:

> The comment also mentions that one can add it manually by adding a
> keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> add it manually?

Is this for a key from an OpenPGP card?

I see that we need a tool to display the keygrip.  What you can do now
is to use this workaround

$ echo scd learn --force | gpg-connect-agent | grep KEYPAIRINFO
S KEYPAIRINFO AB820B6FB3CB34AEF54429140D0810190132738D OPENPGP.1

What you want is the keygrip from the OPENPG.3 line.  Unfortunately
this works only with the latest gpg-agent from gnupg 1.9.91.

Another way of looking at the keygrip is when using an X.509 key:
"gpgsm --dump-key <certspec>" also shows the keygrip.

If you want to use an existing ssh key with gpg-agent, it is far


and gpg-agent will popup a window to ask you for a new passphrase to
protect an existing ssh- key under gpg-agent.  gpg-agent then creates
a copy of the private key in its own key storage
(~/.gnupg/private-keys-v1.d/) and adds an entry to sshcontrol.  If you
use "ssh-add -l" or -L the key will get listed.  BTW, the keygrip is
the name of the file as storred in the private-keys directory.  To
print this file in a non-binary format, you may use "gpg-protect-tool



More information about the Gnupg-users mailing list