--- Werner Koch <[EMAIL PROTECTED]> wrote:

> On Mon, 20 Aug 2007 14:10, [EMAIL PROTECTED] said:
>
> > 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> > can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> > cryptography, this is an important question)
>
> Yes. However you want separate keys for separate tasks. Fortunately
> OpenPGP provides just that: There is a primary key for certifying other
> keys (and subkeys) and subkeys for encryption, signing and
> authentication. The authentication key may be used for SSH.

Good. Agreed it's a good idea to maintain a key per task (in fact, on the OpenSSH automation side of things, having a key pair per task does help a lot).

Question: when I did gpg2 --gen-keys (& ran through with the default DSA/Elgamal keys), is the 'authentication key' (that'd be suitable for the SSH authentication you're referring to) created by default? (Or would the DSA private key be suitable for that purpose? I suspect so.)

Then the question is, now for the OpenSSH private key, how to extract/create the said 'authentication key' so that it can be stored in ~/.ssh/id_dsa format for SSH authentication? (I've worked out the extraction of the SSH-compatible public key from GPG using the gpgkey2ssh tool, so ~/.ssh/id_dsa.pub is taken care of. Alas, gpg2 --list-public-keys and --list-secret-keys give the same ID for both public & secret keys.)

Or is there a trick involved in gpg-agent directly handling the private key needed for the SSH client somehow? (by only propagating the gpgkey2ssh-extracted public key to .ssh/authorized_hosts of the remote machines)

Thanks
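
Added example, not part of the original thread: one way to check which keys in a keyring carry the authentication capability described in the quoted reply, by parsing the machine-readable listing from `gpg2 --list-keys --with-colons`. The function names and the sample listing are constructed for illustration; the field positions assume GnuPG's colon-delimited listing format (validity in field 2, key ID in field 5, capabilities in field 12).

```python
import sys

# Capability letters in field 12 of pub/sub records. Uppercase letters on a
# primary key summarise the whole key and are ignored here on purpose.
CAPS = {"c": "certify", "s": "sign", "e": "encrypt", "a": "authenticate"}
UNUSABLE = {"r", "e", "i"}  # field 2 validity: revoked, expired, invalid

# Constructed sample listing (made-up key IDs, not taken from a real keyring).
SAMPLE = """\
pub:u:1024:17:1111111111111111:1187568000:::u:::scESC:
uid:u::::1187568000::0000::Constructed User One <one@example.org>:
sub:u:2048:16:2222222222222222:1187568000::::::e:
pub:u:2048:1:3333333333333333:1187568000:::u:::scESCA:
uid:u::::1187568000::0000::Constructed User Two <two@example.org>:
sub:u:2048:1:4444444444444444:1187568000::::::e:
sub:u:2048:1:5555555555555555:1187568000::::::a:
sub:r:2048:1:6666666666666666:1187568000::::::a:
"""

def parse_keys(listing):
    """Group pub/sub records into [{'keyid', 'usable', 'caps', 'subkeys'}]."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue  # uid, fpr, tru and other record types are not needed
        rec = {"keyid": f[4], "usable": f[1] not in UNUSABLE,
               "caps": {CAPS[c] for c in f[11] if c in CAPS}}
        if f[0] == "pub":
            keys.append(dict(rec, subkeys=[]))
        elif keys:
            keys[-1]["subkeys"].append(rec)
    return keys

def auth_keys(listing):
    """Map each primary key ID to the usable (sub)keys flagged 'authenticate'."""
    report = {}
    for key in parse_keys(listing):
        candidates = [key] + key["subkeys"]
        report[key["keyid"]] = [k["keyid"] for k in candidates
                                if k["usable"] and "authenticate" in k["caps"]]
    return report

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for primary, auth in auth_keys(text).items():
        print(primary, "->", ", ".join(auth) or "no authentication-capable key")
```

Run it with the listing piped on standard input; with no input it reports on the constructed sample, where the revoked authentication subkey is excluded.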