> 1. Is it possible to have only one key pair (public & secret pref. DSA) that
> can be used for both GPG & OpenSSH? (as a sys admin of some interest in
> cryptography, this is an important question)

Uhm, possible... sure, why not. I just don't know right now how one would achieve that.

> 2. Is gpg-agent, SSH agent service provided by GPG etc. somehow useful only
> when one has a card reader? Or put it another way, is it useful even when one
> has no card reader?

gpg-agent supports the ssh-agent protocol and can be used as a drop-in replacement. It's definitely useful without a smartcard reader. Supporting the smartcard out-of-the-box is an addon.

> 3. Am I missing a simple 'GPG/OpenSSH unification for dummies' (dummies like
> me :-)) with a few solid examples on unifying GPG (keys - including exporting
> GPG public key to add into .ssh/authorized_keys, gpg-agent) with OpenSSH
> client side?

I don't know about such a document. But, the gpg-agent thing is rather simple: add "enable-ssh-support" to your gpg-agent.conf (or use --enable-ssh-support). Then, gpg-agent will not only set GPG_AGENT_INFO in the environment, but also e.g. SSH_AUTH_SOCK. "ssh-add <key file>" can be used to introduce ssh keys to the gpg-agent. Note: this only needs to be done ONCE! gpg-agent will not simply forget added ssh keys when you restart it (like ssh-agent). The key is ready to use now. Whenever the passphrase for the key is required, gpg-agent fires up pinentry to retrieve the passphrase.

Hope that helps,
moritz
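The gpg-agent-as-ssh-agent setup described in the reply, written out as an added example (not moritz's code and not part of GnuPG): small POSIX sh helpers that enable the option idempotently, check that SSH_AUTH_SOCK really points at gpg-agent, and count the keys gpg-agent has remembered. It assumes the GnuPG 2.1+ layout: the ssh socket is named S.gpg-agent.ssh, and keys introduced with ssh-add are recorded as 40-hex-digit keygrips in $GNUPGHOME/sshcontrol (which is why ssh-add only has to be run once). The keygrips in the sample sshcontrol are constructed, not real.

```shell
#!/bin/sh
# Added example (not moritz's code): gpg-agent ssh-support helpers exercised
# on a throwaway directory so the real ~/.gnupg is never touched.
# Assumptions: GnuPG 2.1+ socket name S.gpg-agent.ssh and sshcontrol lines
# of the form "<40-hex keygrip> <ttl> [flags]".

# Add "enable-ssh-support" to a gpg-agent.conf once; a second call is a no-op.
enable_ssh_support() {
    conf="$1"
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    grep -qx 'enable-ssh-support' "$conf" && return 0
    printf '%s\n' 'enable-ssh-support' >> "$conf"
}

# True when an SSH_AUTH_SOCK value points at gpg-agent's ssh socket rather
# than at a stock ssh-agent socket (those look like /tmp/ssh-XXXX/agent.PID).
ssh_sock_is_gpg_agent() {
    case "$1" in
        */S.gpg-agent.ssh) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Number of keys gpg-agent remembers for ssh: one keygrip per non-comment
# line of sshcontrol. Prints 0 when the file does not exist yet.
count_sshcontrol_keys() {
    [ -f "$1" ] || { echo 0; return; }
    grep -cE '^[0-9A-F]{40}' "$1" || true
}

# Walk through the steps on a temporary GNUPGHOME.
demo() {
    home=$(mktemp -d)
    enable_ssh_support "$home/gpg-agent.conf"
    enable_ssh_support "$home/gpg-agent.conf"   # idempotent: still one line
    echo "--- $home/gpg-agent.conf"; cat "$home/gpg-agent.conf"

    # Constructed sshcontrol: a comment plus two fake keygrips.
    cat > "$home/sshcontrol" <<'EOF'
# List of allowed ssh keys (constructed sample, not real keygrips)
0123456789ABCDEF0123456789ABCDEF01234567 0
FEDCBA9876543210FEDCBA9876543210FEDCBA98 0 confirm
EOF
    echo "keys remembered by gpg-agent: $(count_sshcontrol_keys "$home/sshcontrol")"

    # With a real agent the remaining steps are:
    #   export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    #   ssh-add ~/.ssh/id_ed25519      # pinentry asks for the passphrase, once
    # gpgconf only prints the path, so it is safe to query without a running agent.
    if command -v gpgconf >/dev/null 2>&1; then
        sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || sock=""
        if ssh_sock_is_gpg_agent "$sock"; then
            echo "gpg-agent ssh socket: $sock"
        fi
    fi
    rm -rf "$home"
}

demo
```

Note on the environment variables: with GnuPG 2.1 and later gpg-agent no longer exports anything itself (GPG_AGENT_INFO is gone); the shell sets SSH_AUTH_SOCK from `gpgconf --list-dirs agent-ssh-socket`, which is what the check above verifies.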
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
