> I've successfully set it up, now whenever I restart gpg-agent (e.g. on
> reboot), it will ask for the passphrase twice, once for the GPG keys,
> once for the SSH keys, even though they are the same passphrases.

I need a solution for this same problem.

> You may now wonder why this does not happen when you decrypt a mail,
> reply to it and sign the reply. [...] gpg-agent knows about it and
> tries the last passphrase used for any of the subkeys of a key.

However, even if the primary key has capabilities [SCA] and one subkey has capability [E], if I use the subkey for encryption first and then try to use the primary key for SSH I am asked for the passphrase again. Is this expected?

> No, there is no way to configure an extra hack to also test a
> passphrase for an ssh key.

Do you not think this could be useful? GnuPG uses the same passphrase for the primary key and all subkeys by default, so this should be a common setup?

> I thought of one way, but really is a hack and it's predicated on the
> standard key access being invoked first. If SSH always comes first
> then it won't work.

Could you tell me what your hack is?

My current solution is to use one primary key with [SCA] capabilities and one [E] subkey. In my scripts, instead of

    gpg --decrypt [...] && ssh [...]

I now use

    gpg -s </dev/null >/dev/null && gpg --decrypt [...] && ssh [...]

which asks for my passphrase once for signing and then uses it for decrypting and for ssh.

Do you know any clean way to do this? Note that I only need this for scripts that do multiple things simultaneously, so I *can* run arbitrary commands first. It would be perfectly fine for me to send something like "ask for only one passphrase and try to unlock KEYGRIP1 and KEYGRIP2 with it" to the agent. (Or, even better "if the passphrase for KEYGRIP1 or KEYGRIP2 is cached, try to unlock the other one with that. Otherwise ask for one passphrase and unlock both".)

Is such a thing possible?

Regards,
DH

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
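
An added example, not part of the original message or of GnuPG: a shell helper that reads the agent's KEYINFO status lines and reports which keygrips still have no cached passphrase, so a script can decide whether the priming `gpg -s` from the message above is needed. The function name, the keygrips and the sample agent output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `gpg-connect-agent 'keyinfo --list' /bye` output on stdin and prints
# each requested keygrip whose passphrase is NOT in the agent cache.
# Status line: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> ...
# <cached> is "1" when the passphrase is cached, "-" otherwise.
uncached_keygrips() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) need[toupper(w[i])] = 1
        }
        $1 == "S" && $2 == "KEYINFO" && (toupper($3) in need) {
            if ($7 == "1") delete need[toupper($3)]
        }
        # Keygrips the agent did not list at all are reported as uncached too.
        END {
            for (i = 1; i <= n; i++)
                if (toupper(w[i]) in need) print toupper(w[i])
        }
    '
}

# Constructed keygrips and agent output, for illustration only.
GRIP_PRIMARY=1111111111111111111111111111111111111111
GRIP_ENCRYPT=2222222222222222222222222222222222222222
SAMPLE_KEYINFO="S KEYINFO $GRIP_PRIMARY D - - 1 P - - -
S KEYINFO $GRIP_ENCRYPT D - - - P - - -
OK"

# Offline demo: prints only the [E] subkey's keygrip.
printf '%s\n' "$SAMPLE_KEYINFO" | uncached_keygrips "$GRIP_PRIMARY" "$GRIP_ENCRYPT"

# In a real script the check would gate the priming signature from the post:
#   if [ -n "$(gpg-connect-agent 'keyinfo --list' /bye |
#              uncached_keygrips "$GRIP_PRIMARY")" ]; then
#       gpg -s </dev/null >/dev/null
#   fi
```

The real keygrips for a key can be listed with `gpg --with-keygrip -K`.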