Ah, I found the thread 'Deleting SSH key(s) from agent' from 2016, wherein it was pointed out that gpg-connect-agent's keyinfo and delete_key commands can be used to delete keys: https://lists.gnupg.org/pipermail/gnupg-users/2016-August/056499.html
On 18 July 2018 at 14:37, Ben Low <[email protected]> wrote:
> gpg-agent's enable-ssh-support option makes it "possible to use the
> gpg-agent as a drop-in replacement for the well known ssh-agent"
> gpg-agent(1).
>
> There is a caveat in this 'drop-in replacement': unlike the well-known
> ssh-agent which caches keys only for the duration of the agent's process
> lifetime, gpg-agent makes its own copy that persists. The man page does
> implicitly note this by way of "gpg-agent [asks] for a passphrase, which is
> to be used for encrypting the newly received key and _storing_ it in a
> gpg-agent specific directory" (emphasis mine).
>
> Practically, this means that once a key is added to gpg-agent it's unclear
> as to how to remove it. ssh-add -d/-D doesn't work, and you can't simply
> remove keys from ~/.ssh/ and restart the agent as gpg-agent's not referring
> to those files.
>
> Seems like the only(?) method to remove SSH keys from gpg-agent is to look
> up the keygrip for the desired key in sshcontrol, then remove it from
> there as well as rm the matching file in private-keys-v1.d/ ? Is there
> anything else that needs cleaning up after doing that?
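The manual cleanup asked about in the quoted message (drop the keygrip from sshcontrol and delete the matching file in private-keys-v1.d/), written out as an added example that is not part of the original thread. It assumes the sshcontrol layout of one keygrip per line with an optional leading "!" for a disabled entry and "#" comment lines, and key files named <KEYGRIP>.key; the function name remove_ssh_keygrip is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): remove one SSH key from gpg-agent's
# on-disk store by keygrip.
# usage: remove_ssh_keygrip <gnupg-homedir> <40-hex-keygrip>
remove_ssh_keygrip() {
    home=$1
    grip=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    ctl="$home/sshcontrol"
    keyfile="$home/private-keys-v1.d/$grip.key"

    # A keygrip is exactly 40 hex digits; refuse anything else so the value
    # can never act as a pattern or as a path component.
    case $grip in
        *[!0-9A-F]*) echo "invalid keygrip" >&2; return 2 ;;
    esac
    [ "${#grip}" -eq 40 ] || { echo "invalid keygrip" >&2; return 2; }
    [ -f "$ctl" ] || { echo "no sshcontrol in $home" >&2; return 1; }

    # Entry lines are "<keygrip> [ttl] [flags]"; a leading "!" marks a
    # disabled entry. Bail out if the keygrip is not listed at all.
    if ! awk -v g="$grip" '
            { k = toupper($1); sub(/^!/, "", k) }
            k == g { found = 1 }
            END { exit !found }' "$ctl"; then
        echo "keygrip not listed in sshcontrol" >&2
        return 1
    fi

    # Rewrite sshcontrol without that entry; comments and other keys stay.
    tmp=$(mktemp "$ctl.XXXXXX") || return 1
    awk -v g="$grip" '
        { k = toupper($1); sub(/^!/, "", k) }
        k != g' "$ctl" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$ctl" || { rm -f "$tmp"; return 1; }

    # Delete the private key copy that gpg-agent stored when the key was added.
    rm -f "$keyfile"
}
```

The keygrips the agent currently offers over SSH can be listed with `gpg-connect-agent 'keyinfo --ssh-list' /bye`.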
