gpg-agent's SSH agent emulation: how to remove keys?
Ben Low
benjamin.d.low at gmail.com
Wed Jul 18 07:11:45 CEST 2018
Ah, I found the thread 'Deleting SSH key(s) from agent' from 2016, wherein
it was pointed out that gpg-connect-agent's keyinfo and delete_key commands
can be used to delete keys:
https://lists.gnupg.org/pipermail/gnupg-users/2016-August/056499.html
On 18 July 2018 at 14:37, Ben Low <benjamin.d.low at gmail.com> wrote:
> gpg-agent's enable-ssh-support option makes it "possible to use the
> gpg-agent as a drop-in replacement for the well known ssh-agent"
> gpp-agent(1).
>
> There is a caveat in this 'drop-in replacement': unlike the well-known
> ssh-agent which caches keys only for the duration of the agent's process
> lifetime, gpg-agent makes its own copy that persists. The man page does
> implicitly note this by way of "gpg-agent [asks] for a passphrase, which is
> to be used for encrypting the newly received key and _storing_ it in a
> gpg-agent specific directory" (emphasis mine).
>
> Practically, this means that once a key is added to gpg-agent it's unclear
> as to how to remove it. ssh-add -d/-D doesn't work, and you can't simply
> remove keys from ~/.ssh/ and restart the agent as gpg-agent's not referring
> to those files.
>
> Seems like the only(?) method to remove SSH keys from gpg-agent is to look
> up the keygrip for the desired key in sshcontrol, then remove it from
> there as well as rm the matching file in private-keys-v1.d/ ? Is there
> anything else that needs cleaning up after doing that?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180718/3ca209f6/attachment.html>
More information about the Gnupg-users
mailing list