On Sat, 2 Nov 2019 12:20, Horst Skatmus said:

> I do not understand how the gpg-agent determines where to look for the
> private key (disk or smartcard) and where this is configured. I can switch
> off the scdaemon via --disable-scdaemon but this has no effect.

At the time you use ssh-add (putty has a similar feature iirc) the key is copied to GnuPG's private key store and added to the file sshcontrol in GnuPG home directory ("gpgconf --list-dirs" shows this). You can also add the key manually to the file. An entry there looks like:

  # Ed25519 key added on: 2016-11-29 10:28:00
  # MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c
  1934563577D9EDA59D3CC74B0CF9C630EA3F302D 0

The header of the sshcontrol file has comments on the syntax. In short you put the keygrip (as shown in the KEYINFO lines or in "gpg -k --with-keygrip") followed by the TTL for the cache (0 for the default).

gpg-agent accesses the smartcard because the authentication key of an inserted card is implicitly enabled for ssh. Which key this is depends on the card and gpg-agent knows how to query this.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
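
To check which on-disk keys gpg-agent will offer over ssh, the sshcontrol format described in the reply above can be parsed as follows. This is an added example, not code from the mail or from GnuPG; the function names are hypothetical, and the "!" prefix for a disabled entry and the optional flags field (e.g. "confirm") are taken from the gpg-agent documentation rather than from this thread.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: the entry quoted in the mail plus two made-up lines.
SAMPLE = (
    "# Ed25519 key added on: 2016-11-29 10:28:00\n"
    "# MD5 Fingerprint: b5:f9:23:5f:b2:8c:b2:58:7d:b3:1e:f4:7e:26:33:7c\n"
    "1934563577D9EDA59D3CC74B0CF9C630EA3F302D 0\n"
    "!" + "A" * 40 + " 600 confirm\n"   # constructed: disabled entry
    "not-a-keygrip 0\n"                 # constructed: malformed entry
)

class Entry(NamedTuple):
    keygrip: str
    enabled: bool
    ttl: Optional[int]   # None: field absent; 0: agent's default cache TTL
    flags: tuple

# keygrip = 40 hex digits, then optional TTL in seconds, then optional flags
ENTRY_RE = re.compile(r"^(!?)([0-9A-Fa-f]{40})(?:\s+(\d+))?(?:\s+(.*))?$")

def parse_sshcontrol(text):
    """Return (entries, rejected); rejected holds (line number, raw line)."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # comments and blank lines are ignored
        m = ENTRY_RE.match(line)
        if not m:
            rejected.append((lineno, raw))
            continue
        bang, grip, ttl, flags = m.groups()
        entries.append(Entry(grip.upper(), not bang,
                             int(ttl) if ttl is not None else None,
                             tuple(flags.split()) if flags else ()))
    return entries, rejected

def enabled_keygrips(text):
    """Keygrips that are active for ssh according to the file contents."""
    return [e.keygrip for e in parse_sshcontrol(text)[0] if e.enabled]

if __name__ == "__main__":
    entries, rejected = parse_sshcontrol(SAMPLE)
    for e in entries:
        print(e)
    for lineno, raw in rejected:
        print(f"line {lineno}: not a valid entry: {raw!r}")
```

The result covers only keys listed in sshcontrol; as the reply notes, the authentication key of an inserted card is enabled implicitly and never appears in this file.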