On 26/06/2015 02:32, NIIBE Yutaka wrote:
>
> Please correct me if I'm wrong, I am not a user of Gpg4win.
> And... since I'm promoting use of card/token, my major use case is
> card/token.
>
> In GnuPG 2.0.x, yes, the steps are required. Well, I admit it's
> complicated. When done, private key material (I mean, RSA data) is
> both in secring.gpg and in the private-keys-v1.d directory. One is
> used by gpg frontend for OpenPGP operation and another is used by
> gpg-agent for ssh, S/MIME, and gpg-connect-agent.
>
> In GnuPG 2.1.x, private key is under control of gpg-agent, and it's
> (only) in the private-keys-v1.d directory. And IIUC, those additional
> steps are not required with GnuPG 2.1.x.
>
> That's because the design of programs was changed, so that the GnuPG
> suite can provide better user's control of operations.
>
> The reason why the steps are not required for smartcard in 2.0.x is
> that private key is not on the host and gpg frontend of 2.0.x has to
> talk to gpg-agent to access smartcard. It was a kind of side effect.
>
> In short, there was a major design change from 2.0.x to 2.1.x.

Yup, the main reason why I wanted to try 2.1.x is because of that (Gpg4Win uses 2.0.x).

Reading your comment gave me a brainwave... It seems that even though all the keys reside in private-keys-v1.d directory, you still need to manually add a keygrip to the sshcontrol file for it to be served through gpg-agent.

It kind of makes sense, but it's not very well documented (if at all :)

Thank you,

-- 
Marko
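
The step described in the reply above, as an added example that is not part of the original mail or of GnuPG itself: it reads keygrips from `gpg --with-colons --with-keygrip` output and appends the missing ones to sshcontrol without touching existing or `!`-disabled entries. The function names, the default `~/.gnupg/sshcontrol` path and the choice to pick only authentication-capable keys are assumptions of this example.

```python
import re, subprocess, sys
from pathlib import Path

KEYGRIP = re.compile(r"[0-9A-Fa-f]{40}")

def auth_keygrips(colon_listing):
    """Keygrips of keys whose own capabilities include 'a' (authentication)."""
    grips, caps = [], ""
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            caps = f[11] if len(f) > 11 else ""   # field 12: capabilities
        elif f[0] == "grp" and len(f) > 9:
            if "a" in caps and KEYGRIP.fullmatch(f[9]):  # field 10: keygrip
                grips.append(f[9].upper())
            caps = ""                             # a grp line closes its key
    return grips

def listed_keygrips(sshcontrol_text):
    """Keygrips already in sshcontrol, including entries disabled with '!'."""
    seen = set()
    for line in sshcontrol_text.splitlines():
        tokens = line.strip().lstrip("!").split()
        if tokens and KEYGRIP.fullmatch(tokens[0]):
            seen.add(tokens[0].upper())
    return seen

def add_to_sshcontrol(path, grips):
    """Append missing keygrips; existing and disabled entries are left alone."""
    path = Path(path)
    text = path.read_text() if path.exists() else ""
    present = listed_keygrips(text)
    new = [g for g in dict.fromkeys(x.upper() for x in grips) if g not in present]
    if new:
        sep = "" if not text or text.endswith("\n") else "\n"
        with path.open("a") as fh:
            fh.write(sep + "".join(g + "\n" for g in new))
    return new

if __name__ == "__main__":
    # Assumed default location; pass the real path on Windows or with GNUPGHOME.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".gnupg" / "sshcontrol"
    listing = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--with-keygrip", "--list-secret-keys"],
        check=True, capture_output=True, text=True).stdout
    print("added:", add_to_sshcontrol(target, auth_keygrips(listing)))
```

An uppercase `A` in the primary key's capability field only says that some subkey can authenticate, so the check looks for lowercase `a` on the key that owns the keygrip.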
