The SSH public key format contains a comment field (RFC4716, s3.3.2):

    The comment header contains a user-specified comment.

    u...@example.com

From "man sshd":

    Public keys consist of the following space-separated fields:
    options, keytype, base64-encoded key, comment.

    The comment field is not used for anything (but may be convenient
    for the user to identify the key).

If I load an SSH key from a file using 'ssh-add' the comment field is populated with the file name (i.e. "alice.pem") if the gpg-agent does not already contain that key. If I do "ssh-add -L" I will see "alice.pem" at the end of the output:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 alice.pem

If the key is in the agent because of the gpg keyring then it is known as "(none)". If I do "ssh-add -L" I will see "(none)" at the end of the output:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (none)

The reason that I stumbled upon this was because I was debugging a ssh connection that used the gpg-agent and the ssh debugging output displayed the following misleading output:

    debug1: Offering RSA public key: (none)

which means the public key called "(none)" rather than, as I initially interpreted it, no public key.

It's also useful client-side to see who a public key belongs to.

It would be good if the comment field reflected the key source, perhaps the short (or long) key id. For example:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (3A808C39)

Or even the primary uid of the key:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 al...@example.org

Incidentally, exporting the public key this way (which, I think, comes from the pubring rather than the agent)

    gpg --export alice | ./openpgp2ssh 63A808C39

results in no comment field at all:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3

I have no idea whether this is a gpg-agent thing, but is it possible to control how the comment field is populated?

[gpg (GnuPG) 2.1.15 libgcrypt 1.7.3]
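An added example, not part of the original message and not code from GnuPG or OpenSSH: because the comment is free text that can read "alice.pem", "(none)" or be missing for the same key, this sketch parses the "options, keytype, base64-encoded key, comment" fields quoted above and identifies each key by the SHA256 fingerprint of its blob instead. The key blob, the sample lines and all function names are constructed for illustration, and backslash-escaped quotes inside options are not handled.

```python
import base64, hashlib, struct

KEYTYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values intact."""
    fields, cur, quoted = [], "", False
    for ch in line.strip():
        if ch == '"':
            quoted = not quoted
        if ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + ([cur] if cur else [])

def parse_pubkey_line(line):
    """Return options, keytype, SHA256 fingerprint and comment for one line."""
    fields = split_fields(line)
    # The options field is optional, so the keytype is field 0 or field 1.
    idx = next((i for i, f in enumerate(fields[:2]) if f.startswith(KEYTYPES)), None)
    if idx is None or len(fields) < idx + 2:
        raise ValueError("no keytype/key pair found")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own length-prefixed type name; it must match.
    if blob[4:4 + n] != fields[idx].encode():
        raise ValueError("keytype does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return {
        "options": fields[0] if idx == 1 else None,
        "keytype": fields[idx],
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": " ".join(fields[idx + 2:]) or None,  # free text, may be absent
    }

def _s(data):  # SSH wire-format string: 4-byte big-endian length + bytes
    return struct.pack(">I", len(data)) + data

# Constructed sample blob in ssh-rsa layout (type, e, n); not a usable key.
B64 = base64.b64encode(_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(bytes(range(1, 65)))).decode()
SAMPLE = [f"ssh-rsa {B64} alice.pem", f"ssh-rsa {B64} (none)", f"ssh-rsa {B64}",
          f'command="echo hi",no-pty ssh-rsa {B64} alice key']

def comments_by_fingerprint(lines):
    """Group the comments seen for each distinct key blob."""
    out = {}
    for line in lines:
        key = parse_pubkey_line(line)
        out.setdefault(key["fingerprint"], []).append(key["comment"])
    return out
```

The fingerprint string has the same form that current OpenSSH prints with "ssh-add -l" and "ssh-keygen -l", so it can be compared against those regardless of what the comment says.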