I just want to point out that one may want to add the keygrip to the
sshcontrol file along with the "confirm" option to get asked by pinentry
each time ssh requests gpg-agent to sign an ssh challenge (e.g. an ssh
login). This is at least a useful option if you log in to a remote host
with agent f
Thanks Peter, I was not aware of that (and it certainly explains the double
entry in ssh-add -l).
btw, Werner was not writing that response to me. It was just pointed out to
me, so yes it was
probably not smart card specific I would guess. I'll update the blog post
to reflect that we
probably do no
On 15/01/16 21:17, Glenn Rempe wrote:
> I added it at the suggestion of Werner in this post:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
>
> And these blog posts:
> http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> http://budts.be/weblog/2012/08/ssh-auth
On 15/01/16 21:02, Doug Barton wrote:
> On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
> | I've
> | worked on several projects for more than one financial institution,
> | and airgaps like this are considered barely sufficient for some
> | important keys. (Of course in such projects the idea of
I'm not sure when the use of sshcontrol emerged. My impression was that it
is only used as part of GnuPG 'Modern' 2.1.x versions. That being said, if
I remove the keygrip entry from the sshcontrol file it appears to work
fine. The only difference I've just noticed is in the output of 'ssh-add
-l':
On Fri, Jan 15, 2016 at 10:29:13AM +0100, Simon Josefsson wrote:
> Glenn Rempe writes:
>
> > I recently set up my own Mac w/ gnupg 2.1.10, and I am using a Yubikey to
> > manage my gpg private keys and I am using that key for SSH auth. I have it
> > all up and running but I ran into some issues a
On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
| On 15/01/16 19:33, Doug Barton wrote:
|> This is a good example of why that method of working with your
|> keys is pointlessly complicated. :)
|
| It's complicated, but not necessarily _pointlessly_
> > Why do you add the keygrip to the sshcontrol file? I have never
> > needed that step. For me it uses the right key directly. Is it
> > because you have another (revoked) A subkey? It sounds somewhat of
> > sub-optimal behaviour for gpg-agent's SSH support to use a revoked
> > key instead of
On 15/01/16 19:33, Doug Barton wrote:
> On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
>> For me it's problematic
>> because my certification key is on an offline machine, so it's
>> inconvenient to have to power it up and do a round-trip through the
>> airgap when I'm not going to propagate the signa
On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
You've already received good answers on your questions, so some
questions for you. :) What is your concern about signing the key?
And are you aware that local signatures will not be communicated
beyond your keyring?
I actually ran in
On 01/14/2016 11:35 AM, Wendy Oberg wrote:
From: "Doug Barton" [dougb@dougbarton.email]
What is your concern about signing the key?
Not so much a concern. But I might want to make use of the predicate
"key X is valid" without having to sign anything, and without even having a
key.
You still
On 01/14/2016 01:41 PM, NdK wrote:
On 14/01/2016 21:06, Andrew Gallagher wrote:
>Tofu does not guarantee identity persistence. Just because your correspondence
hasn't been obviously tampered with (yet) does not mean that someone hasn't been
MITMing you all along and biding their time.
A
You might hit this bug:
http://lists.gnupg.org/pipermail/gnupg-users/2015-December/054756.html
On 2016-01-15 01:08, Glenn Rempe wrote:
I recently set up my own Mac w/ gnupg 2.1.10, and I am using a Yubikey
to manage my gpg private keys and I am using that key for SSH auth.
I have it all up and
On 15/01/16 00:12, Andrew Gallagher wrote:
> No, because mitm doesn't mean one identity replaces another, but that the two
> identities become conflated.
Ah, we are ascribing different attributes to an "identity".
I think you mean an identity belongs to a specific person, an individual. If you
MI
Glenn Rempe writes:
> I recently set up my own Mac w/ gnupg 2.1.10, and I am using a Yubikey to
> manage my gpg private keys and I am using that key for SSH auth. I have it
> all up and running but I ran into some issues as well so I wrote up a blog
> post. I'd appreciate any suggestions for imp