Windows, GnuPG, ssh, github, ...
Marko Božiković
bozho at kset.org
Fri Jun 26 10:44:55 CEST 2015
On 26/06/2015 02:32, NIIBE Yutaka wrote:
>
> Please correct me if I'm wrong, I am not a user of Gpg4win.
> And... since I'm promoting use of card/token, my major use case is
> card/token.
>
> In GnuPG 2.0.x, yes, the steps are required. Well, I admit it's
> complicated. When done, private key material (I mean, RSA data) is
> both in secring.gpg and in the private-keys-v1.d directory. One is
> used by gpg frontend for OpenPGP operation and another is used by
> gpg-agent for ssh, S/MIME, and gpg-connect-agent.
>
> In GnuPG 2.1.x, private key is under control of gpg-agent, and it's
> (only) in the private-keys-v1.d directory. And IIUC, those additional
> steps are not required with GnuPG 2.1.x.
>
> That's because the design of the programs was changed, so that the GnuPG
> suite can provide better user control of operations.
>
> The reason why the steps are not required for smartcard in 2.0.x is
> that private key is not on the host and gpg frontend of 2.0.x has to
> talk to gpg-agent to access smartcard. It was a kind of side effect.
>
> In short, there was a major design change from 2.0.x to 2.1.x.
Yup, the main reason why I wanted to try 2.1.x is because of that (Gpg4Win
uses 2.0.x). Reading your comment gave me a brainwave... It seems that even
though all the keys reside in private-keys-v1.d directory, you still need to
manually add a keygrip to the sshcontrol file for it to be served through
gpg-agent.
It kind of makes sense, but it's not very well documented (if at all :)
Thank you,
--
Marko
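
The sshcontrol step described in the message above, as an added example that is not part of the original post: POSIX shell functions that pick the keygrip of authentication-capable secret keys out of gpg's colon listing and append it to sshcontrol only once. The function names, the sample listing and the `~/.gnupg` path are assumptions made for illustration.

```shell
# Constructed sample of `gpg --with-colons --with-keygrip --list-secret-keys`
# output (key IDs and keygrips are made up): one primary key, two subkeys.
sample_listing() {
cat <<'EOF'
sec:u:2048:1:1111111111111111:1435000000:::u:::scESCA:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:2048:1:2222222222222222:1435000000::::::e:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:2048:1:3333333333333333:1435000000::::::a:
grp:::::::::3333333333333333333333333333333333333333:
EOF
}

# Print the keygrip (field 10 of the "grp" record) of every secret key or
# subkey whose own capabilities (field 12, lowercase letters) include "a".
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Append a keygrip to an sshcontrol file unless it is already listed,
# either enabled or disabled with a leading "!".
add_to_sshcontrol() {
    file=$1
    grip=$2
    case $grip in
        ""|*[!0-9A-Fa-f]*) return 1 ;;   # keygrips are hex only
    esac
    [ "${#grip}" -eq 40 ] || return 1     # and exactly 40 characters
    [ -f "$file" ] || : > "$file"
    if grep -Eiq "^!?${grip}([[:space:]]|\$)" "$file"; then
        return 0
    fi
    printf '%s\n' "$grip" >> "$file"
}

# Real use (assumed default home directory):
#   gpg --with-colons --with-keygrip --list-secret-keys | auth_keygrips |
#   while read -r g; do add_to_sshcontrol "$HOME/.gnupg/sshcontrol" "$g"; done
```

Once a keygrip is listed, `ssh-add -L` against the agent's socket should show the corresponding public key, which confirms the agent is serving it.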