gpg-agent only checks for smartcard not for local keys
Werner Koch
wk at gnupg.org
Mon Nov 4 12:46:03 CET 2019
On Sat, 2 Nov 2019 12:20, Horst Skatmus said:
> I do not understand how the gpg-agent determines where to look for the
> private key (disk or smartcard) and where this is configured. I can switch
> off the scdaemon via --disable-scdaemon but this has no effect.
At the time you use ssh-add (putty has a similar feature iirc) the key
is copied to GnuPG's private key store and added to the file sshcontrol
in GnuPG home directory ("gpgconf --list-dirs" shows this).
You can add the key also manually to the file. An entry there looks
like:
  # Ed25519 key added on: 2016-11-29 10:28:00
  # MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c
  1934563577D9EDA59D3CC74B0CF9C630EA3F302D 0
The header of the sshcontrol file has comments on the syntax.
In short you put the keygrip (as shown in the KEYINFO lines or in
"gpg -k --with-keygrip") followed by the TTL for the cache
(0 for the default).
gpg-agent accesses the smartcard because the authentication key of an
inserted card is implicitly enabled for ssh. Which key this is depends
on the card and gpg-agent knows how to query this.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
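
Added example, not part of the original message and not GnuPG code: a small parser that lists which keygrips an sshcontrol file enables for ssh, using the "keygrip followed by TTL" syntax described above. The "!" disable prefix and the optional flags field are taken from the sshcontrol header comments rather than from this post; the sample text is constructed around the entry quoted in the message.

```python
import re
from dataclasses import dataclass

# Constructed sample: the entry quoted in the post, one disabled entry
# and one malformed (too short) keygrip.
SAMPLE = (
    "# Ed25519 key added on: 2016-11-29 10:28:00\n"
    "# MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c\n"
    "1934563577D9EDA59D3CC74B0CF9C630EA3F302D 0\n"
    "!" + "A" * 40 + " 600 confirm\n"
    "1934563577D9EDA5 0\n"
)

KEYGRIP = re.compile(r"^[0-9A-Fa-f]{40}$")

@dataclass
class Entry:
    line_no: int
    keygrip: str
    ttl: int        # 0 means "use the default cache TTL"
    enabled: bool   # False when the line starts with "!"
    flags: list

def parse_sshcontrol(text):
    """Return (entries, errors) for the contents of an sshcontrol file."""
    entries, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines carry no key
        enabled = not line.startswith("!")
        fields = line.lstrip("!").split()
        if not fields or not KEYGRIP.match(fields[0]):
            errors.append((n, "keygrip must be 40 hex digits"))
            continue
        ttl_field = fields[1] if len(fields) > 1 else "0"
        if not ttl_field.isdecimal():
            errors.append((n, "TTL must be a non-negative integer"))
            continue
        entries.append(Entry(n, fields[0].upper(), int(ttl_field), enabled, fields[2:]))
    return entries, errors

if __name__ == "__main__":
    entries, errors = parse_sshcontrol(SAMPLE)
    for e in entries:
        state = "enabled" if e.enabled else "disabled"
        print(f"line {e.line_no}: {e.keygrip} ttl={e.ttl} {state} flags={e.flags}")
    for n, msg in errors:
        print(f"line {n}: ignored, {msg}")
```

Keys on an inserted smartcard will not show up in this listing, since the message explains that the card's authentication key is enabled for ssh implicitly rather than through sshcontrol.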