Hi Daniel and Werner, Thanks for the quick repsonse and more inline...
> Is they key you're looking to convert an RSA key or a DSA key? > The above suggests that it is not. (see the list of publickey algorithms > for OpenPGP [0]). > I am trying to convert RSA key and I am just avoiding use an external tool such as monkeysphere while converting keys. > Are you trying to convert a specific subkey? are you identifying the > subkey explicitly? > I will use subkey for ssh authentication and while using *`gpgkey2ssh $key_id` *command I am giving subkey id explicitly. What I could not understand is why the above command works inconsistently. It works on one of my setups but does not on another. No need to convert a key if you are using gnupg 2.1. Run > > gpg -K --with-keygrip USERID > > and pick the keygrip from the output. For example: > > sec# rsa2048/E455F2D7CC9C6BBC 2009-11-05 > Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF > uid [ unknown] Enoch Root (test) <en...@example.org> > ssb rsa2048/591B5112D5A9C5A6 2009-11-05 > Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64 > ssb# rsa2048/D367147F5CB0CDF0 2009-11-05 > Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9 > > To use the second subkey with ssh, you then do: > > echo >>~/.gnupg/sshcontrol 79DA43AD276B52EABFF0661153276A8E5A5F8DB9 0 > > (note the "0" after the keygrip) Yeah I know that feature in 2.1.0 version, but why I am insisting on using *`gpgkey2ssh` *command is I am going to automate this process and since *`ssh-add -L` *strictly requires an running agent and it does not extract public part of key pair compatible with authorized_key file unless agent is running. (as mentioned in this tutorial <http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key> and discussions in mailing list <http://lists.gnupg.org/pipermail/gnupg-users/2012-July/thread.html#45059> -thanks to Werner Koch- using sshcontrol file during ssh authentication requires using ssh-add command) What I am really looking for is there a workaround to use *`gpgkey2ssh` *command without getting the error given in first mail? Regards..
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
