gpg-agent, authentication key, and ssh

Matthew Monaco matt at 0x01b.net
Tue Jul 23 06:34:32 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

(Sorry if this has been asked/explained but my searches return mostly
directions on using ssh-add with gpg-agent.)

As I understand it, I can create an authentication subkey and use some utility
to convert that to an ssh key. If this conversion is possible, then why can't
the gpg-agent consider private auth (sub)keys along with ssh keys loaded via
the SSH_AUTH_SOCK protocol?

===

Also, out of curiosity... Would it be possible to multiplex the GPG_AGENT_INFO
protocol with SSH_AUTH_SOCK? Damien Miller of OpenSSH has talked about unix
socket forwarding [0], but nothing has come of it. I think it'd be a big win
for usability and security if we could easily sign/encrypt on a remote host.
(/Easily/, so no socat).

Best,
Matt

[0] http://marc.info/?l=openssh-unix-dev&m=135207982210122
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)

iJwEAQEKAAYFAlHuB9gACgkQCQQZ328kNeqmHQQAqds7hzzsEczCZ1wd+wDVI45N
L/UTpD/sxqaIqGBb7w2nLbvjielMpXRT4AuUHqfMwfD2Y/NwAxXGkWlUz8G0kSwZ
hf+tN0MlpWuudOwb6rC/FC5JPd0PKaTWwJLnf6T5YAWG8ZgaILSzUo4v79+CaBMo
ncJTjr1kySfCjlRu7ZE=
=0vbj
-----END PGP SIGNATURE-----


