<div dir="ltr">Hi All,<div><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I am using the following command</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">gpg --batch --passphrase-fd n and it stops popup which asks for the passphrase. but when I run this command on window server 12 it's not working its always show popup for the passphrase. can someone please help me how can I stop popup on window server 12.</p><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><div dir="ltr"><br></div><div dir="ltr"><table style="border-collapse:collapse;border-spacing:0px;max-width:100%;font-family:Roboto,Verdana,Arial;font-size:medium"><tbody><tr><td valign="middle" style="padding:0px 8px 0px 0px"> <table style="font-size:small;font-family:"Times New Roman""><tbody><tr><td><img src="http://www.upayasolution.com/c.744038/new-upaya-website/images/netsuite-award-v2-small.png" alt="" width="200" height="146"></td><td></td><td></td></tr></tbody></table></td><td valign="middle" style="font-size:12.8px;font-family:Arial;border-left:3px solid rgb(236,66,94);padding:0px 0px 0px 8px;border-top-color:rgb(236,66,94);border-right-color:rgb(236,66,94);border-bottom-color:rgb(236,66,94)"><div><span><span style="font-size:0.9em;color:rgb(236,66,94)">Shweta Tyagi</span> </span><span style="font-size:0.9em">Netsuite Technical Consultant</span></div><span style="font-size:0.9em">Upaya - The Solution Inc</span> <div><span><span style="font-size:0.9em;color:rgb(236,66,94)">p: </span><span style="font-size:0.9em">408-868-4477 </span> </span></div><div><span><span style="font-size:0.9em;color:rgb(236,66,94)">w: </span><span><a href="https://www.upayasolution.com/" style="background:transparent;color:rgb(0,0,0);font-size:0.9em" target="_blank">www.upayasolution.com</a></span> </span><span><span style="font-size:0.9em;color:rgb(236,66,94)">e: </span><span><a href="mailto:shweta@upayasolution.com" style="background:transparent;color:rgb(0,0,0);font-size:0.9em" target="_blank">shweta@upayasolution.com</a></span> </span></div><div><span><span style="font-size:0.9em;color:rgb(236,66,94)">s: </span><span style="font-size:0.9em">shweta.tyagi97</span> </span></div><div><span style="font-size:0.9em;color:rgb(236,66,94)">a: </span><span style="font-size:0.9em">4320 Stevens Creek Blvd Suite # 124, San Jose, CA 95129</span> </div><div style="line-height:1em;font-size:1em"> <a href="https://www.facebook.com/pages/Upaya-The-Solution-Inc/155447161187023" style="color:rgb(17,85,204);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small" target="_blank"><img src="http://demo.upayasolution.com/upaya-website/social-icon/fb.png"> </a><span style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small"> </span><a href="https://twitter.com/upayasolution" style="color:rgb(17,85,204);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small" target="_blank"><img src="http://demo.upayasolution.com/upaya-website/social-icon/twitter.png"></a><span style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small"> </span><a href="https://www.linkedin.com/company/upaya---the-solution-inc." style="color:rgb(17,85,204);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small" target="_blank"><img src="http://demo.upayasolution.com/upaya-website/social-icon/in.png"></a><span style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small"> </span><a href="https://plus.google.com/105509154382272912137" style="color:rgb(17,85,204);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small" target="_blank"><img src="http://demo.upayasolution.com/upaya-website/social-icon/gplus.png"></a><span style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small"> </span><a href="https://www.instagram.com/upayasolution/" style="color:rgb(17,85,204);font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small" target="_blank"><img src="http://demo.upayasolution.com/upaya-website/social-icon/insta.png"></a></div></td></tr></tbody></table><span style="font-size:12.8px;color:rgb(0,0,0);font-family:arial"> </span><span style="font-size:12.8px;background-color:transparent;color:rgb(0,0,0);font-family:arial"> </span><span style="font-size:12.8px;background-color:transparent;color:rgb(0,0,0);font-family:arial"> </span><span style="font-size:12.8px;background-color:transparent;color:rgb(0,0,0);font-family:arial"> </span><span style="font-size:12.8px;background-color:transparent;color:rgb(0,0,0);font-family:arial"> </span></div><div dir="ltr"><div style="font-family:Roboto,Verdana,Arial;line-height:10px;font-size:10px"><div style="line-height:10px"> <br><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 26, 2019 at 4:22 PM Peter Lebbing <<a href="mailto:peter@digitalbrains.com">peter@digitalbrains.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 26/03/2019 09:16, Werner Koch wrote:<br>
> This lists all keys allowed for ssh with its keygrip (1234. and the<br>
> corresponding ssh fingerprint (SHA256:PTJI). Details as usual by using<br>
> 'help keyinfo'.<br>
<br>
Right, yes, the comment lines in sshcontrol are also really helpful for<br>
keys in sshcontrol.<br>
<br>
I should have been more explicit about my weird edge case.<br>
<br>
I use OpenPGP cards with a key in the authentication slot which is not<br>
part of any OpenPGP certificate, and is not in sshcontrol. gpg-agent is<br>
fine with this: if I have the card inserted, it will be offered as an<br>
authentication key to SSH servers. If I don't have the card inserted, it<br>
is not offered. This in contrast to the case where you were to add it to<br>
sshcontrol: then it would /ask/ for the card to be inserted if the<br>
server accepts the key. If it is not in sshcontrol, it will not be<br>
offered for SSH authentication.<br>
<br>
In this particular case, it is actually very easy to pick the correct<br>
SSH public key, because gpg-agent will add the comment "cardno:XXX",<br>
where XXX is the serial number of the card, to the public key when you<br>
do ssh-add -l or -L.<br>
<br>
It is more difficult to find the keygrip, though. While participating in<br>
this thread, I worked from the assumption that the key, for whatever<br>
reason, was not in sshcontrol, to catch edge cases such as this. I don't<br>
know whether there are other edge cases than this specific one where SSH<br>
keys are not in sshcontrol, though. This might be the only one.<br>
<br>
The use case I considered is this: I have a card I use on two PC's, but<br>
one of the PC's also has an on-disk SSH key. Some SSH accounts will only<br>
accept the card for authentication, but there are accounts which accept<br>
either key. If I'm on the machine with the on-disk key and my card is<br>
not inserted, it will pick the on-disk key. If I'm on the PC without<br>
the on-disk key, I cannot log in to that account without inserting the<br>
card.<br>
<br>
If the card were in sshcontrol, and it were offered before the on-disk<br>
key, I would be prompted to insert the card. But this would be<br>
unnecessary, since I have an on-disk key that will do the job just as<br>
well.<br>
<br>
But I have to say I no longer actually use this scenario :-). I did in<br>
the past, though.<br>
<br>
What would actually help in this use case, might be to have<br>
--card-status accept a --with-keygrip option. Then you have the<br>
"cardno:XXX" comment in ssh-add to pick the public key or its<br>
fingerprint, and --card-status to find the keygrip.<br>
<br>
> (I don't like the base64 encoding becuase it is hard to visual compare,<br>
> but that is how it is)<br>
<br>
Yes, I totally agree. And when matching stuff together like we do in<br>
this thread, we don't actually use any cryptographic properties of the<br>
fingerprint, there is no adversary. So MD5 might be easier on the eyes,<br>
but it has the disadvantage that the user needs to be /aware/ that they<br>
can get the same fingerprint format from ssh-keygen, ssh-add and<br>
gpg-agent. If they just see one format here and another there, they<br>
might very well not realise they can be made to match.<br>
<br>
So I'm inclined to think the default should be to output it in the same<br>
format in both tools.<br>
<br>
Plus, when it's purely for identification purposes, you can skip reading<br>
more letters of the base64 encoding once you've identified the right<br>
key.<br>
<br>
> I fixed that for 2.2.15 so that the above option is considered.<br>
> Further, it is also possible to use<br>
<br>
Neat! Thanks!<br>
<br>
> p.s. Eventually someone(tm) should write a GUI tool to list and manage<br>
> all kind of private keys in GnuPG. For example to list all users of a<br>
> certain private key.<br>
<br>
:-)<br>
<br>
Sorry for the long mail. I didn't see a lot of opportunity to shorten it<br>
without losing clarity. If I were to introduce a misunderstanding, it<br>
will only take even more time to sort out.<br>
<br>
Cheers,<br>
<br>
Peter.<br>
<br>
-- <br>
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.<br>
You can send me encrypted mail if you want some privacy.<br>
My key is available at <<a href="http://digitalbrains.com/2012/openpgp-key-peter" rel="noreferrer" target="_blank">http://digitalbrains.com/2012/openpgp-key-peter</a>><br>
<br>
_______________________________________________<br>
Gnupg-users mailing list<br>
<a href="mailto:Gnupg-users@gnupg.org" target="_blank">Gnupg-users@gnupg.org</a><br>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" rel="noreferrer" target="_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a><br>
</blockquote></div>