GnuPG & OpenSSH
wk at gnupg.org
Mon Aug 20 17:49:44 CEST 2007
On Mon, 20 Aug 2007 14:10, sriharivijayaraghavan at yahoo.com.au said:
> 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> cryptography, this is an important question)
Yes. However you want separate keys for separate tasks. Fortunately
OpenPGP provides just that: There is a primary key for certifying other
keys (and subkeys) and subkeys for encryption, signing and
authentication. The authentication key may be used for SSH.
> 2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
> when one has a card reader? Or put it other way, is it useful even when one
> has no card reader?
Yes, I use it mostly without a card. This allows for a nice passphrase
prompting and caching by gpg-agent. No more need for ssh-add.
> 3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
> me :-)) with a few solid examples on unifying GPG (keys - including exporting
> GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
> client side?
Me too ;-). There are some text fragments floating around but there is
no real HOWTO.
Die Gedanken sind frei. Auschnahmen regelt ein Bundeschgesetz.
More information about the Gnupg-users