Hi all, apologies for a long post :)

I haven't used gpg in years and recently I've picked it up with renewed interest for many different reasons. My initial goal would be to use gpg for ssh and github authentication (currently covered by ssh keyfiles and putty pageant). The intermediate goal would be to use duplicity for secure cloud backup of personal data, and my end goal would be to use a physical token (yubikey or something similar) to handle my keyrings, passwords, etc...

I've started working on the initial goal of having gpg-agent replace putty pageant and ssh-agent (for Cygwin's OpenSSH, which I prefer to putty) on my Windows machines. It's been nearly impossible to find all of the information I need in one place, but I think I've managed to piece together enough bits (ha!). Gpg on Windows should work with putty out of the box - if I understood correctly, Gpg4Win for 2.0.X and the official 2.1.x builds support putty interop. ssh-pageant provides a "bridge" that enables OpenSSH to talk to gpg-agent on Windows.

Now, there is one bit I don't quite understand: why things work the way they do... I've reduced the process to these steps (on 2.0.X):

1. create a master S, C key, 4096 RSA
2. create an A subkey, 4099 RSA
3. configure gpg-agent to run with putty support
4. run gpg-agent -> run Cygwin bash
5. start ssh-pageant (using dev's instructions)
6. running 'ssh-add -l' returns no identities

At this point, I would expect gpg-agent to serve my authentication pubkey as an identity. I haven't tried using gpg-agent as an ssh-agent on Linux yet, but I don't suspect this is a Windows-specific issue/thing, since I can make gpg-agent serve my pubkey using the following steps:

7. export my subkey
8. use monkeysphere's openpgp2ssh to convert the key to SSH format (this one is inconvenient if you're on a Windows machine since there is no Win port of monkeysphere)
9. while gpg-agent and ssh-pageant are running, run ssh-add <subkey_file> to add the key to gpg-agent.
10. as a result, the key is imported into the private-keys-v1.d directory and added to the sshcontrol file.
11. running ssh-add -l after that produces the desired output

My question is basically: what are the reasons that make these additional steps necessary? Why is it necessary to export my authentication key and import it into a slightly different location in order for it to get served by gpg-agent? It only makes subkey management more difficult. I did find writeups with people mentioning that things work with steps 1-6 if a smartcard is used to store the keyring, but the additional steps (7-11) are needed if keyrings are stored on a disk, but nobody explains why. Or am I doing something wrong? :)

Thank you,
-- Marko

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
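The two files named in step 10 are what gpg-agent's ssh support actually consults: gpg-agent offers to ssh only those private keys that are stored in private-keys-v1.d and whose keygrip is listed in the sshcontrol file, which is exactly what the ssh-add import did as a side effect. With gpg 2.1 (where secret keys already live in private-keys-v1.d) the export/convert/import round trip can be replaced by listing the authentication subkey's keygrip in sshcontrol. The script below is an added example, not code from the original post or from GnuPG; it assumes gpg 2.1's `gpg -K --with-keygrip` output format and the sshcontrol line format (`<keygrip> <ttl>`, `#` comments, `!` prefix to disable an entry). The key listing embedded in it is a constructed sample with fake keygrips so the script runs offline.

```shell
#!/bin/sh
# Added example (not part of the original post). Assumes gpg 2.1-style
# `gpg -K --with-keygrip` output and gpg-agent's sshcontrol format:
# one "<keygrip> <ttl>" entry per line, '#' comments, '!' disables an entry.

# Constructed sample of `gpg -K --with-keygrip` output; the keygrips are fake.
SAMPLE_LISTING='sec   rsa4096 2015-06-01 [SC]
      Keygrip = 1111111111111111111111111111111111111111
uid           [ultimate] Example User <user@example.invalid>
ssb   rsa4096 2015-06-01 [E]
      Keygrip = 2222222222222222222222222222222222222222
ssb   rsa4096 2015-06-01 [A]
      Keygrip = 3333333333333333333333333333333333333333'

# Read a key listing on stdin and print the keygrip of every key whose
# usage flags contain A (authentication); encryption/signing keys are skipped,
# so only keys actually meant for ssh end up offered to ssh.
auth_keygrips() {
    awk '
        /^(sec|ssb)/ { auth = ($0 ~ /\[[A-Z]*A[A-Z]*\]/) }
        auth && /Keygrip = / { print $3 }
    '
}

# Append a keygrip to an sshcontrol file unless it is already listed,
# either active or disabled with a leading "!". TTL 0 means "no expiry".
add_to_sshcontrol() {
    ctl=$1; grip=$2; ttl=${3:-0}
    touch "$ctl"
    if grep -q "^!\{0,1\}${grip}" "$ctl"; then
        return 0
    fi
    printf '%s %s\n' "$grip" "$ttl" >> "$ctl"
}
```

Against a real gpg 2.1 installation the same two functions would be driven with `gpg -K --with-keygrip | auth_keygrips` and `~/.gnupg/sshcontrol` as the target file, after which `ssh-add -l` lists the authentication subkey without any export or monkeysphere conversion. Filtering on the `[A]` flag matters: listing the signing or encryption keygrips would expose those keys over the ssh-agent protocol as well.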
