Re: Identifying one of multiple authentication subkeys

2019-03-23 Thread Brian Exelbierd
Hi Peter,

Your help has been amazing and very useful.  I was re-reading this answer and I 
noticed the comments below:

On Sat, Mar 16, 2019, at 11:12 AM, Peter Lebbing wrote:

> (By the way, as you can see in the ssh-keygen output, my key actually
> has a comment field in the gpg-agent. It was imported from an on-disk
> OpenSSH file, that's where it came from.

How did you import this key?  Monkeysphere's pem2openpgp only reads older 
formats that don't support comments.  I didn't see anything about import from 
the newer formats in my searches.

> I don't know a way to have a
> comment field for a key generated with gpg, although I could probably
> hack it in in the private key store. Let's not do that.)

Should I open a feature request on this, or have you already done so?

regards,

bex

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Identifying one of multiple authentication subkeys

2019-03-23 Thread Peter Lebbing
On 23/03/2019 13:39, Brian Exelbierd wrote:
> How did you import this key?

If your OpenSSH private key is .ssh/id_ed25519, and you are running
gpg-agent as your SSH agent, it's a matter of:

$ ssh-add ~/.ssh/id_ed25519

Any comment on the private key that was already there (presumably
through ssh-keygen's -C option) will be saved in private-keys-v1.d.

I don't use monkeysphere, I just maintain all authorized_keys files by
hand. While I do have files with the public keys, often I'll just use
ssh-add -L to get the public key I need to put in there.

The point where stuff gets interesting is deleting SSH keys. For that I
would use the method I outlined in this thread to get at the keygrip,
because ssh-add -d doesn't work with gpg-agent. Well, not with the
version in Debian stretch anyway, I reserve the right to be ignorant
about features added since then.

> Should I open a feature request on this, or have you already done so?

I don't care enough to open a feature request. The development team's
time is limited after all.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
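
An added example, not part of the message above: one way to tell apart several keys printed by ssh-add -L, listing each key's type, its SHA256 fingerprint (in the form ssh-keygen -l prints) and its comment. The two key lines are built from constructed dummy bytes, and all function names are made up for this illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one SSH wire string: 4-byte big-endian length, then the data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_pubkey_line(line):
    """Parse one 'type base64 [comment]' line as printed by ssh-add -L."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    declared, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    embedded, _ = read_string(blob, 0)
    # The type named in the text must match the type inside the blob.
    if embedded.decode("ascii") != declared:
        raise ValueError("declared key type does not match key blob")
    # Same fingerprint form as ssh-keygen -l: unpadded base64 of SHA-256(blob).
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return {"type": declared, "fingerprint": fingerprint, "comment": comment}

def list_keys(text):
    """Parse every non-empty line of ssh-add -L style output."""
    return [parse_pubkey_line(l) for l in text.splitlines() if l.strip()]

def constructed_line(seed, comment):
    """Build a dummy ssh-ed25519 line (constructed bytes, not a real key)."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return ("ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment).strip()

SAMPLE = constructed_line(1, "imported-laptop-key") + "\n" + constructed_line(2, "")

if __name__ == "__main__":
    for key in list_keys(SAMPLE):
        print(key["fingerprint"], key["type"], key["comment"] or "(no comment)")
```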





Re: Automated Batch Subkey Creation

2019-03-23 Thread eduardo
Thanks for this bash code. It's interesting how people ask if there is a need
for automating something. The question should be "what should not be
automated/scriptable"; other than that, EVERYTHING must be scriptable. For
some reason there is a gen-key, right? So, why not have one for
gen-subkey?
Nevertheless, thanks for the incredible work you guys have done and keep
doing. Please add a gen-subkey at some point. The use case is to provision
systems to end-users where a set of configurations allows the end-user to
start working asap. There is not a fully automated setup, as the end-user
will be asked for the passphrase during the setup. The subkeys portion of this
automation will allow the end-user to not have to deal with the
"complicated" process (trust when others tell you that it is "complicated" to
them). Thanks.


