Windows, GnuPG, ssh, github, ...

Marko Božiković bozho at kset.org
Fri Jun 26 10:44:55 CEST 2015


On 26/06/2015 02:32, NIIBE Yutaka wrote:
> 
> Please correct me if I'm wrong, I am not a user of Gpg4win.
> And... since I'm promoting use of card/token, my major use case is
> card/token.
> 
> In GnuPG 2.0.x, yes, the steps are required.  Well, I admit it's
> complicated.  When done, private key material (I mean, RSA data) is
> both in secring.gpg and in the private-keys-v1.d directory.  One is
> used by gpg frontend for OpenPGP operation and another is used by
> gpg-agent for ssh, S/MIME, and gpg-connect-agent.
> 
> In GnuPG 2.1.x, private key is under control of gpg-agent, and it's
> (only) in the private-keys-v1.d directory.  And IIUC, those additional
> steps are not required with GnuPG 2.1.x.
> 
> That's because the design of programs was changed, so that the GnuPG
> suite can provide better user control of operations.
> 
> The reason why the steps are not required for smartcard in 2.0.x is
> that private key is not on the host and gpg frontend of 2.0.x has to
> talk to gpg-agent to access smartcard.  It was a kind of side effect.
> 
> In short, there was a major design change from 2.0.x to 2.1.x.

Yup, the main reason why I wanted to try 2.1.x is because of that (Gpg4Win
uses 2.0.x). Reading your comment gave me a brainwave... It seems that even
though all the keys reside in private-keys-v1.d directory, you still need to
manually add a keygrip to the sshcontrol file for it to be served through
gpg-agent.

It kind of makes sense, but it's not very well documented (if at all :)

Thank you,
-- 
Marko
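
The sshcontrol requirement described in the message above, as an added example that is not part of the original post or of GnuPG: a Python audit that reports, for each keygrip in private-keys-v1.d, whether sshcontrol lists it, using the documented sshcontrol line format (keygrip, optional TTL, optional flags, `!` prefix to disable an entry). The keygrips and directory contents built in `demo()` are constructed, and the function names are illustrative.

```python
import re
import tempfile
from pathlib import Path

KEYGRIP = re.compile(r"^[0-9A-Fa-f]{40}$")

def parse_sshcontrol(text):
    """Return {KEYGRIP: {"enabled", "ttl", "flags"}} from sshcontrol contents."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                # blank line or comment
        fields = line.split()
        enabled = not fields[0].startswith("!")     # '!' prefix disables the entry
        grip = fields[0].lstrip("!").upper()
        if not KEYGRIP.match(grip):
            continue                                # not a 40-hex-digit keygrip
        ttl = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else None
        entries[grip] = {"enabled": enabled, "ttl": ttl, "flags": fields[2:]}
    return entries

def audit(gnupg_home):
    """Map each keygrip in private-keys-v1.d to enabled / disabled / not listed."""
    home = Path(gnupg_home)
    control = home / "sshcontrol"
    listed = parse_sshcontrol(control.read_text()) if control.exists() else {}
    report = {}
    for key_file in sorted((home / "private-keys-v1.d").glob("*.key")):
        grip = key_file.stem.upper()
        if grip not in listed:
            report[grip] = "not listed"             # agent will not offer it to ssh
        else:
            report[grip] = "enabled" if listed[grip]["enabled"] else "disabled"
    return report

def demo():
    """Run the audit on a constructed GnuPG home with made-up keygrips."""
    with tempfile.TemporaryDirectory() as tmp:
        keys = Path(tmp) / "private-keys-v1.d"
        keys.mkdir()
        for grip in ("A" * 40, "B" * 40, "C" * 40):
            (keys / f"{grip}.key").write_text("")
        (Path(tmp) / "sshcontrol").write_text(
            "# constructed sample\n" + "A" * 40 + " 600 confirm\n!" + "B" * 40 + " 0\n")
        return audit(tmp)

if __name__ == "__main__":
    for grip, status in demo().items():
        print(grip, status)
```

Pointing `audit()` at a real GnuPG home directory shows which private keys still need a sshcontrol entry and which are already exposed to ssh clients through the agent.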




More information about the Gnupg-users mailing list