Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-03-01 Thread Werner Koch
On Wed, 28 Feb 2018 15:02, w...@gnupg.org said:

> Oh no, I don't want to promote create solutions of our complex API ;-)

s/create/creative/



-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-03-01 Thread Ben McGinnes
On Wed, Feb 28, 2018 at 03:02:58PM +0100, Werner Koch wrote:
> On Wed, 21 Feb 2018 07:27, b...@adversary.org said:
> 
> >> No, there is no way to configure an extra hack to also test a passphrase
> >> for an ssh key.
> >
> > Wanna bet?
> 
> Oh no, I don't want to promote create solutions of our complex API ;-)

Heheh.

I have a friend who frequently used to say that if a question began
with "Would it be wrong to ..." then the answer was always "No."

I think it was about the point where I asked, "Would it be wrong to
release freshwater crocodiles just a little upstream of [local picnic
area where children feed ducks and geese] just in time for the summer
holidays?" that he gave up.


Regards,
Ben




Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-28 Thread Werner Koch
On Wed, 21 Feb 2018 07:27, b...@adversary.org said:

>> No, there is no way to configure an extra hack to also test a passphrase
>> for an ssh key.
>
> Wanna bet?

Oh no, I don't want to promote create solutions of our complex API ;-)


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-20 Thread Ben McGinnes
On Tue, Feb 13, 2018 at 04:55:19PM +0100, Werner Koch wrote:
> On Tue, 13 Feb 2018 15:03, ambre...@gmail.com said:
> 
> > Thanks for the detailed answer.  But why not do it for SSH then?
> 
> I like to see when an ssh key is used the first time.  Note that the
> maximum caching time for ssh keys can be configured independently of the
> caching time of other keys.

Probably wise.

> > Just because it's less common?  Would there be any way to configure this?
> 
> No, there is no way to configure an extra hack to also test a passphrase
> for an ssh key.

Wanna bet?

I thought of one way, but it really is a hack and it's predicated on the
standard key access being invoked first.  If SSH always comes first
then it won't work.


Regards,
Ben




Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-13 Thread Werner Koch
On Tue, 13 Feb 2018 15:03, ambre...@gmail.com said:

> Thanks for the detailed answer.  But why not do it for SSH then?

I like to see when an ssh key is used the first time.  Note that the
maximum caching time for ssh keys can be configured independently of the
caching time of other keys.

> Just because it's less common?  Would there be any way to configure this?

No, there is no way to configure an extra hack to also test a passphrase
for an ssh key.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-13 Thread Pierre Neidhardt

Werner Koch  writes:

> You may now wonder why this does not happen when you decrypt a mail,
> reply to it and sign the reply.  Two subkeys (or the primary and the
> encryption subkey) are involved in this workflow.  Because this is so
> common, gpg-agent knows about it and tries the last passphrase used for
> any of the subkeys of a key.  It does not do this for an
> authentication subkey, though.  Thus you have to enter it again for ssh.

Thanks for the detailed answer.  But why not do it for SSH then?
Just because it's less common?  Would there be any way to configure this?

-- 
Pierre Neidhardt

War spares not the brave, but the cowardly.
-- Anacreon




Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-13 Thread Werner Koch
On Fri,  9 Feb 2018 14:25, ambre...@gmail.com said:

> this time the SSH key is obviously encrypted with the same passphrase as
> my GPG key, since it's part of it.  Any clue why gpg-agent keeps asking?

gpg (or, correctly, gpg-agent) can't know which passphrase is used for each
key or subkey.  Passphrases are cached on a per-subkey basis and thus you
will see a passphrase query for each new subkey.

You may now wonder why this does not happen when you decrypt a mail,
reply to it and sign the reply.  Two subkeys (or the primary and the
encryption subkey) are involved in this workflow.  Because this is so
common, gpg-agent knows about it and tries the last passphrase used for
any of the subkeys of a key.  It does not do this for an
authentication subkey, though.  Thus you have to enter it again for ssh.

Note that we can't do trial decryption using several remembered
passphrases because that would take noticeably long for the user.  For
security reasons each passphrase decryption takes about 100ms.


Shalom-Salam,

   Werner
 
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


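A toy model of the caching behaviour Werner describes above (per-subkey cache, a retry of the sibling's passphrase that skips authentication subkeys, and a ~100 ms cost per passphrase check), added here as an illustration; it is not GnuPG's code, and the keygrips, usages and passphrase are constructed.

```python
KDF_COST_S = 0.1  # each passphrase check takes ~100 ms, per the thread


class Subkey:
    def __init__(self, keygrip, usage, passphrase):
        # usage is one of "encr", "sign", "auth"; passphrase is what protects it
        self.keygrip, self.usage, self.passphrase = keygrip, usage, passphrase


class Agent:
    """Per-subkey cache plus the sibling-passphrase shortcut (toy model)."""

    def __init__(self):
        self.cache = {}       # keygrip -> passphrase (never expires in this toy)
        self.last_pass = {}   # primary key id -> last passphrase that worked
        self.prompts = 0      # pinentry pop-ups the user saw
        self.kdf_seconds = 0  # time spent checking passphrases

    def _check(self, sub, candidate):
        self.kdf_seconds += KDF_COST_S
        return candidate == sub.passphrase

    def unlock(self, primary, sub, ask):
        """Make `sub` usable; `ask()` stands in for pinentry."""
        if sub.keygrip in self.cache:
            return True
        # Shortcut: retry the sibling's passphrase, but not for auth subkeys.
        if sub.usage != "auth" and primary in self.last_pass:
            if self._check(sub, self.last_pass[primary]):
                self.cache[sub.keygrip] = self.last_pass[primary]
                return True
        self.prompts += 1
        pw = ask()
        if not self._check(sub, pw):
            return False
        self.cache[sub.keygrip] = self.last_pass[primary] = pw
        return True


def mail_then_ssh(passphrase="hunter2"):
    """Decrypt a mail, sign the reply, then use the auth subkey for ssh.
    Returns (pinentry prompts, seconds spent in passphrase checks)."""
    agent = Agent()
    # Constructed key: three subkeys of one primary, all under one passphrase.
    subkeys = [Subkey("E1", "encr", passphrase), Subkey("S1", "sign", passphrase),
               Subkey("A1", "auth", passphrase)]
    for sub in subkeys:
        assert agent.unlock("PRIMARY", sub, lambda: passphrase)
    return agent.prompts, round(agent.kdf_seconds, 1)
```

The mail workflow costs one prompt because the signing subkey is unlocked with the passphrase just used for decryption; the ssh step prompts a second time because the shortcut is not applied to the auth subkey.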