gpg-agent only checks for smartcard not for local keys
wk at gnupg.org
Mon Nov 4 12:46:03 CET 2019
On Sat, 2 Nov 2019 12:20, Horst Skatmus said:
> I do not understand how the gpg-agent determines where to look for the
> private key (disk or smartcard) and where this is configured. I can switch
> off the scdaemon via --disable-scdaemon but this has no effect.
At the time you use ssh-add (putty has a similar feature iirc) the key
is copied to GnuPG's private key store and added to the file sshcontrol
in GnuPG home directory ("gpgconf --list-dirs" shows this).
You can add the key also manually to the file. An entry there looks
# Ed25519 key added on: 2016-11-29 10:28:00
# MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c
The header of the sshcontrol file has comments on the syntax.
In short you put the keygrip (as shown in the KEYINFO lines or in
"gpg -k --with-keygrip") followed by the TTL for the cache
(0 for the default).
gpg-agent accesses the smartcard because the authentication key of an
inserted card is implicitly enabled for ssh. Which key this is depends
on the card and gpg-agent knows how to query this.
Thoughts are free. Exceptions are regulated by a federal law.
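
Added example (not part of the original message and not GnuPG code): a small Python parser for the sshcontrol entry format described above, useful for checking which on-disk keys an agent will offer to ssh. The keygrips in the sample are constructed; the leading "!" for a disabled entry and the optional flags field (such as "confirm") are taken from the syntax comments in the sshcontrol header rather than from this message, and a non-negative decimal TTL is an assumption of this sketch.

```python
import re

# Constructed sample file. The two comment lines are the ones quoted in the
# message; the keygrips are made-up 40-hex-digit values, not real keys.
SAMPLE = """\
# Ed25519 key added on: 2016-11-29 10:28:00
# MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c
0123456789ABCDEF0123456789ABCDEF01234567 0
!89ABCDEF0123456789ABCDEF0123456789ABCDEF 600 confirm
FEDCBA9876543210FEDCBA9876543210FEDCBA98
not-a-keygrip 0
"""

KEYGRIP = re.compile(r"[0-9A-Fa-f]{40}")  # a keygrip is 20 bytes in hex


def parse_sshcontrol(text):
    """Return (entries, errors) for the contents of an sshcontrol file."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        disabled = line.startswith("!")  # "!" switches the entry off
        fields = line.lstrip("!").split()
        if not fields or not KEYGRIP.fullmatch(fields[0]):
            errors.append((lineno, "bad keygrip"))
            continue
        ttl = 0  # 0 means: use the agent's default cache TTL
        if len(fields) > 1:
            if not (fields[1].isascii() and fields[1].isdigit()):
                errors.append((lineno, "bad TTL"))
                continue
            ttl = int(fields[1])
        entries.append({"line": lineno, "keygrip": fields[0].upper(),
                        "ttl": ttl, "flags": fields[2:],
                        "disabled": disabled})
    return entries, errors


def enabled_keygrips(text):
    """Keygrips of the on-disk keys the agent would offer to ssh."""
    entries, _ = parse_sshcontrol(text)
    return [e["keygrip"] for e in entries if not e["disabled"]]


if __name__ == "__main__":
    for entry in parse_sshcontrol(SAMPLE)[0]:
        print(entry)
```

The resulting list covers only keys named in sshcontrol; as the message says, the authentication key of an inserted card is enabled implicitly and will not appear in it.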