Howto add ssh keys to .gnupg/sshcontrol?
Werner Koch
wk at gnupg.org
Mon Oct 9 19:48:48 CEST 2006
On Mon, 9 Oct 2006 12:11, Michael Bienia said:
> The comment also mentions that one can add it manually by adding a
> keygrip of 40 hex digits. How do I get this keygrip from my ssh key to
> add it manually?
Is this for a key from an OpenPGP card?

I see that we need a tool to display the keygrip. What you can do now
is to use this workaround:

  $ echo scd learn --force | gpg-connect-agent | grep KEYPAIRINFO
  S KEYPAIRINFO AB820B6FB3CB34AEF54429140D0810190132738D OPENPGP.1
  S KEYPAIRINFO 6033BB648CA5EA607457880D899A587C9EEB0B9F OPENPGP.2
  S KEYPAIRINFO BDA5176784C7A7CE8F15AE629E3F6203E3CA42BF OPENPGP.3

What you want is the keygrip from the OPENPGP.3 line. Unfortunately
this works only with the latest gpg-agent from gnupg 1.9.91.

Another way of looking at the keygrip is when using an X.509 key:
"gpgsm --dump-key <certspec>" also shows the keygrip.

If you want to use an existing ssh key with gpg-agent, it is far
easier:

  ssh-add

and gpg-agent will pop up a window to ask you for a new passphrase to
protect an existing ssh key under gpg-agent. gpg-agent then creates
a copy of the private key in its own key storage
(~/.gnupg/private-keys-v1.d/) and adds an entry to sshcontrol. If you
use "ssh-add -l" or -L the key will get listed. BTW, the keygrip is
the name of the file as stored in the private-keys directory. To
print this file in a non-binary format, you may use "gpg-protect-tool
<thatfile>"

Shalom-Salam,

   Werner
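
Added example, not part of the message above and not GnuPG's own code: shell helpers that take the KEYPAIRINFO status lines from the workaround, pick the keygrip for one card slot, check that it is 40 hex digits, and append it to an sshcontrol file only if no entry exists yet. The function names keygrip_for_slot, is_keygrip and sshcontrol_add are hypothetical, and the script assumes the line layout shown in the message.

```shell
#!/bin/sh
# Added example: the helper names below are assumptions, not GnuPG tools.
# Intended use (requires a running gpg-agent and an inserted card):
#   grip=$(echo scd learn --force | gpg-connect-agent | keygrip_for_slot OPENPGP.3)
#   sshcontrol_add "$HOME/.gnupg/sshcontrol" "$grip"

# Succeed only if $1 is exactly 40 hex digits.
is_keygrip() {
    printf '%s\n' "$1" | grep -Eqx '[0-9A-Fa-f]{40}'
}

# Read "S KEYPAIRINFO <keygrip> <slot>" lines on stdin and print the
# keygrip for the slot named in $1. Fails (status 1) unless exactly one
# matching line with a well-formed keygrip is found.
keygrip_for_slot() {
    slot=$1
    grips=$(awk -v slot="$slot" \
        '$1 == "S" && $2 == "KEYPAIRINFO" && $4 == slot { print toupper($3) }')
    [ "$(printf '%s\n' "$grips" | grep -c .)" -eq 1 ] || return 1
    is_keygrip "$grips" || return 1
    printf '%s\n' "$grips"
}

# Append keygrip $2 to sshcontrol file $1.
# Status: 0 added, 1 malformed keygrip, 2 entry already present.
# A leading "!" marks a disabled entry; it still counts as present so a
# key that was deliberately disabled is not silently re-enabled.
sshcontrol_add() {
    file=$1
    grip=$2
    is_keygrip "$grip" || return 1
    if [ -f "$file" ] && grep -Eiq "^!?$grip([[:space:]]|\$)" "$file"; then
        return 2
    fi
    # Create the file readable by the owner only if it does not exist.
    (umask 077; printf '%s\n' "$grip" >> "$file")
}
```
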