Is --export-ssh-key functionality possible with GnuPG 2.0?
Peter Lebbing
peter at digitalbrains.com
Fri Nov 25 21:37:40 CET 2016
On 25/11/16 14:36, Stephan Beck wrote:
> Would you please describe more in detail where (or in which way, in
> which use case) the window is left open?

Let me reuse a bit of quote from an earlier mail:

>>> A2) Export the secret subkey you'd like to use for ssh authentication
>>> purposes and pipe it through openpgp2ssh
>>> gpg2 --export-secret-subkeys \
>>> --export-options export-reset-subkey-passwd [keyID!] | \
>>> openpgp2ssh [keyID] > gpg-auth-keyfile

Here a file is created with most likely mode 0644. It contains an
unencrypted private key, and anyone being quick about it can read the
file until you have time to type....

>>>
>>> A3) Set correct permissions
>>>
>>> chmod 0600 gpg-auth-keyfile

... and from this moment on it is secure.

If somebody knew beforehand you were going to do this on a multi-user
system, he could monitor likely directories programmatically and catch
you in the act. Paranoia mode... on!

HTH,

Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
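
The window described in the mail above can be closed by making the file private at creation time instead of afterwards. The following is an added example, not part of the original mail: write_private, write_naive and mode_of are hypothetical helper names, and the umask of 022 is an assumed default.

```shell
#!/bin/sh
# Added example, not from the original mail. The printf data is a constructed
# placeholder for the output of the quoted gpg2 | openpgp2ssh pipeline.

# mode_of FILE: print FILE's permission string, e.g. -rw-------
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# write_naive FILE: like step A2, a plain redirect; the umask decides the mode.
write_naive() (
    umask 022                      # assumed typical default
    cat > "$1"
)

# write_private FILE: copy stdin to FILE so that it is 0600 from the moment it
# exists. Runs in a subshell, so the caller's umask is left untouched.
write_private() (
    umask 077 || exit 1
    tmp=$(mktemp "$(dirname -- "$1")/.keytmp.XXXXXX") || exit 1  # created 0600
    trap 'rm -f -- "$tmp"' EXIT    # no stray key material if we fail
    cat > "$tmp" || exit 1
    # Rename over the target: a pre-existing 0644 file is replaced rather than
    # rewritten in place, which would have kept its old, readable mode.
    mv -f -- "$tmp" "$1"
)

# Intended use with the pipeline from the mail (placeholders as quoted there):
#   gpg2 --export-secret-subkeys \
#     --export-options export-reset-subkey-passwd [keyID!] | \
#     openpgp2ssh [keyID] | write_private gpg-auth-keyfile

demo=$(mktemp -d) || exit 1
printf 'CONSTRUCTED PLACEHOLDER, NOT A KEY\n' | write_naive "$demo/naive"
printf 'CONSTRUCTED PLACEHOLDER, NOT A KEY\n' | write_private "$demo/private"
echo "plain redirect: $(mode_of "$demo/naive")"
echo "write_private:  $(mode_of "$demo/private")"
rm -rf -- "$demo"
```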