Windows, GnuPG, ssh, github, ...
gniibe at fsij.org
Fri Jun 26 03:32:59 CEST 2015
On 06/25/2015 10:36 PM, Marko Božiković wrote:
> Gpg on Windows should work with putty out of the box - if I understood
> correctly, Gpg4Win for 2.0.X and the official 2.1.x builds support putty
> interop. ssh-pageant provides a "bridge" that enables OpenSSH to talk to
> gpg-agent on Windows.
> Now, there is one bit I don't quite understand why things work the way they
> do... I've reduced the process to these steps (on 2.0.X):
> My question is basically: what are the reasons that make these additional
> steps necessary? Why is it necessary to export my authentication key and
> import it into slightly different location in order for it to get serverd by
> gpg-agent? It only makes subkey management more difficult.
> I did find writeups with people mentioning that the things work with steps 1-6
> if a smartcard is used to store the keyring, but the additional steps (7-11)
> are needed if keyrings are stored on a disk, but nobody explains why.
Please correct me if I'm wrong, I am not a user of Gpg4win.
And... since I'm promoting use of card/token, my major use case is
In GnuPG 2.0.x, yes, the steps are required. Well, I admit it's
complicated. When done, private key material (I mean, RSA data) is
both in secring.gpg and in the private-keys-v1.d directory. One is
used by gpg frontend for OpenPGP operation and another is used by
gpg-agent for ssh, S/MIME, and gpg-connect-agent.
In GnuPG 2.1.x, private key is under control of gpg-agent, and it's
(only) in the private-keys-v1.d directory. And IIUC, those additional
steps are not required with GnuPG 2.1.x.
That's because the design of programs were changed, so that the GnuPG
suite can provide better user's control of operations.
The reason why the steps is not required for smartcard in 2.0.x is
that private key is not on the host and gpg frontend of 2.0.x has to
talk to gpg-agent to access smartcard. It was a kind of side effect.
In short, there were major design change from 2.0.x to 2.1.x.
More information about the Gnupg-users