Re: Identifying one of multiple authentication subkeys

2019-03-25 Thread Werner Koch 
On Sat, 23 Mar 2019 16:19, pe...@digitalbrains.com said:

> because ssh-add -d doesn't work with gpg-agent. Well, not with the
> version in Debian stretch anyway, I reserve the right to be ignorant

That is on purpose: gpg-agent stores the key permanently and thus it
makes no sense to add and remove it regularly.

Do quickly disable a key, prefix its keygrip in ~/.gnupg/sshcontrol with
an exclamation mark.  A comment above each automatically added keygrip
gives info about the key.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg: packet(3) with unknown version 7

2019-03-25 Thread Werner Koch 
On Fri, 22 Mar 2019 23:46, ggroenh...@ggf-controls.de said:

> with gpg2 symmetric encrypted file. I allways get
> "gpg: packet(3) with unknown version 7".

That is garbled data because a version 7 of the session key packet (tag
3) is not defined.  Please check the error messages again or provide a
sample message for us.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Identifying one of multiple authentication subkeys

2019-03-25 Thread Peter Lebbing 
On 25/03/2019 15:45, Werner Koch wrote:
> That is on purpose: gpg-agent stores the key permanently and thus it
> makes no sense to add and remove it regularly.

It might also be "slightly annoying" to remove key material which is
also in use for other purposes :-). You remove an SSH key, and suddenly
an OpenPGP subkey is also missing...

But something more user friendly to match SSH fingerprint and keygrip
could be beneficial. I'm not sure what that would look like and neither
do I think it is high on the priority list.

For one thing, OpenSSH seems to prefer SHA256 SSH fingerprints over the
old MD5 ones now.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users