GPG key to authenticate to SSH?
Werner Koch
wk at gnupg.org
Wed Jul 25 12:04:44 CEST 2012
On Tue, 24 Jul 2012 22:04, jeroen at budts.be said:
> apparently they didn't work. Now I completely disabled 'Launch GNOME
> services on startup' in XFCE so gnome-keyring is not started anymore.
> Now I get the correct output from the above command.
Please complain on the xfce and gnome lists and tell them they should
stop hijacking gpg-agent - at least by default.
> What I really wanted to accomplish here is to use my GPG
> authentication subkey for SSH authentication, without having to use an
> SSH-key at all. But it is still not clear to me how this can be
> accomplished, if possible at all?
With 2.1-betaX it is easy to do. With older versions you probably
need to use gpgkey2ssh. But the latter is not well documented and
frankly I have not used it at all.
In case you can use 2.1-beta, here is what I would do:
  $ gpg2 --with-keygrip -k 1E42B367
  pub   2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
        Keygrip = 44B9E7E287B11C0E033A1A93ECCFDBC6AF7CCFAE
  uid                  Werner Koch <wk at gnupg.org>
  sub   1024D/77F95F95 2011-11-02
        Keygrip = D11C82133CAADCA42A00074D5EE92023B85110DF
  sub   2048R/C193565B 2011-11-07 [expires: 2013-12-31]
        Keygrip = 52A831E2CCCD992BCA0D3082B1D945DA5451BE50
Now assuming 77F95F95 would be an authentication key, you run a
  echo "D11C82133CAADCA42A00074D5EE92023B85110DF 0" >>~/.gnupg/sshcontrol
and you are done. The point with 2.1 is that it stores the key material
independent from the protocol and thus you may use it as you like.
gpg-agent does not need gpg to work with this subkey. When migrating to
2.1 (see the README) gpg transfers the key material to gpg-agent.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
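
Added example (not part of the mail above and not GnuPG project code): the keygrip lookup and the sshcontrol step as a script that takes the keygrip from the machine-readable listing instead of copying it by hand, skips expired or revoked keys, and never appends the same entry twice. It assumes the --with-colons record layout from GnuPG's doc/DETAILS (capabilities in field 12 of pub/sub, keygrip in field 10 of grp); the sample listing, its key IDs and keygrips, and the function names are constructed.

```shell
#!/bin/sh
# Constructed sample of `gpg2 --with-keygrip --with-colons -k KEYID` output.
# Key IDs and keygrips are made up; they are not the ones from the mail.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1199059200:::u:::scESC:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1199059200::::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1320192000::::::a:
grp:::::::::2222222222222222222222222222222222222222:
sub:e:2048:1:CCCCCCCCCCCCCCCC:1320624000:1356998400:::::a:
grp:::::::::3333333333333333333333333333333333333333:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1320624000::::::e:
grp:::::::::4444444444444444444444444444444444444444:
EOF
}

# Read a colon listing on stdin and print the keygrip of every key that has
# the authentication capability (lowercase "a" in field 12) and is neither
# expired nor revoked (field 2 is "e" or "r").
auth_keygrips() {
    awk -F: '
        $1 == "pub" || $1 == "sub" { want = ($12 ~ /a/ && $2 !~ /^[re]$/) }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Append "KEYGRIP 0" (the entry format used in the mail) to the given
# sshcontrol file unless that keygrip is already listed.
# Returns 2 if the argument is not a 40-digit uppercase hex keygrip.
add_to_sshcontrol() {
    sc_grip=$1
    sc_file=$2
    case $sc_grip in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#sc_grip}" -eq 40 ] || return 2
    touch "$sc_file" && chmod 600 "$sc_file" || return 1
    if grep -q "^!\{0,1\}$sc_grip" "$sc_file"; then
        return 0            # already present (enabled or "!"-disabled)
    fi
    printf '%s 0\n' "$sc_grip" >>"$sc_file"
}

# Demo on the constructed listing. Against a real keyring this would be:
#   gpg2 --with-keygrip --with-colons -k KEYID | auth_keygrips
sample_listing | auth_keygrips
```

Only the second key in the sample is printed: the primary key has no "a" capability of its own, the third is expired, and the fourth is encryption-only.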