gpg-agent: What is a keygrip?
Hauke Laging
mailinglisten at hauke-laging.de
Tue Jul 30 21:54:49 CEST 2013

Hello,

I just had one of these unpleasant moments when you realize that you haven't
understood something you believed to have understood for quite a while... :-/

gpg-agent identifies keys by their keygrip. But gpg-agent cares about secret
keys only. So by my naive understanding the application talking to gpg-agent
cannot know the keygrip of the key material itself. Because gpg-agent does
hide this key material from the application.

Is the keygrip computed over the passphrase-protected key material (which the
application knows)? I.e. does the keygrip change if the passphrase changes?

Or does gpg-agent use only pairs of secret and public keys and the keygrip
refers to the public key?

Another gpg-agent problem:

It seems to me that you can only check for keys which you know. Is it possible
to get a list of the known keygrips from gpg-agent? I create keys in an
account with an empty keyring thus getting only one keygrip would be
unambiguous.

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
More information about the Gnupg-users mailing list