GnuPG & OpenSSH

Werner Koch wk at
Mon Aug 20 17:49:44 CEST 2007

On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at said:

> 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> cryptography, this is an important question)

Yes.  However you want separate keys for separate tasks.  Fortunately
OpenPGP provides just that: There is a primary key for certifying other
keys (and subkeys) and subkeys for encryption, signing and
authentication.  The authentication key may be used for SSH.

> 2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
> when one has a card reader? Or put it other way, is it useful even when one
> has no card reader?

Yes, I use it mostly without a card.  This allows for a nice passphrase
prompting and caching by gpg-agent.  No more need for ssh-add.

> 3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
> me :-)) with a few solid examples on unifying GPG (keys - including exporting
> GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
> client side?

Me too ;-).  There are some text fragments floating around but there is
no real HOWTO.



Die Gedanken sind frei.  Auschnahmen regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list