On Mon, 25 Mar 2019 16:02, pe...@digitalbrains.com said: > But something more user friendly to match SSH fingerprint and keygrip > could be beneficial. I'm not sure what that would look like and neither
You can build a script based on this: $ gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr' /bye S KEYINFO 1234[...] D - - - P SHA256:PtJi[...] - S [...] This lists all keys allowed for ssh with its keygrip (1234. and the corresponding ssh fingerprint (SHA256:PTJI). Details as usual by using 'help keyinfo'. > For one thing, OpenSSH seems to prefer SHA256 SSH fingerprints over the > old MD5 ones now. That is right and you can tell gpg-agent this by using ssh-fingerprint-digest sha256 (I don't like the base64 encoding becuase it is hard to visual compare, but that is how it is). Note that while writing this I noticed that the KEYINFO command always printed MD5 fingerprints. I fixed that for 2.2.15 so that the above option is considered. Further, it is also possible to use keyinfo --ssh-list --ssh-fpr-md5 keyinfo --ssh-list --ssh-fpr=sha1 keyinfo --ssh-list --ssh-fpr=sha256 to select a certain fingerprint format independent of the option. Salam-Shalom, Werner p.s. Eventually someone(tm) should write a GUI tool to list and manage all kind of private keys in GnuPG. For example to list all users of a certain private key. -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users