On Fri, 24 Nov 2006, Werner Koch wrote:
> That is how you use gpg-agent. Really, it is a plug-in replacement of ssh-agent. It works differently internally but at a user level it is very similar.
My talk about ssh-agent may have led you into error. My fault. I was not comparing ssh-agent with gpg-agent as replacement for ssh-agent! I mentioned my setup of ssh-agent just to give an idea of what I was trying to accomplish. In other words, I wanted a similar setup for gpg-agent but only for its uses of signing and encrypting, not for ssh authentication. Correct me if I'm wrong, but there is no way to add passphrases other than by using it for some signing or encrypting. And how to do it from a remote box? I know about X forwarding, but I don't want to use it (slow & clumsy). And pinentry-curses didn't work for me, even at the local box. Even assuming that there was some misconfiguration that caused this, I think a CLI way to add passphrases was a natural thing to expect, at least for UNIX users (of course, this would not be incompatible with graphical alternatives).
> For example, you don't need to use ssh-add every time after starting the agent. You do it only once and gpg-agent will store the entire key on disk and not just in memory as ssh-agent does. If you later
What about the passphrase gpg-agent asks when adding the key via ssh-add? Is it needed only after gpg-agent receives a TERM or HUP? And is it the same for all keys stored?
> want to control what ssh keys are available to gpg-agent, you can edit the ~/.gnupg/sshcontrol file and give gpg-agent a HUP.
Interesting. I didn't have a real close look at gpg-agent as an ssh-agent replacement yet, but the --enable-ssh-support entry in http://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options says that a different socket is opened for this functionality. But then a client would know about it only through inheriting an env variable; I would use the --use-standard-socket for the gpg-agent signing/encryption socket, but what about the other socket?
Cheers,
Jorge