[Gpg4win-devel] PuTTY passphrase caching not working with Gpg4win 2.2.0

Dr. Peter Voigt pvoigt at uos.de
Tue Sep 3 18:52:02 CEST 2013


On Wed, 28 Aug 2013 11:51:55 +0200,
"Dr. Peter Voigt" <pvoigt at Uni-Osnabrueck.DE> wrote:

> On Wed, 28 Aug 2013 10:09:16 +0200,
> Werner Koch <wk at gnupg.org> wrote:
> 
> > On Tue, 27 Aug 2013 22:04, pvoigt at uos.de said:
> > > Well, mentioned it already in my last response to the 2.2.0
> > > announcement: I'm unable to make gpg-agent offer me PuTTY
> > > passphrase caching. I've been observing this with Gpg4win 2.2.0
> > > full installation
> > 
> > There is no passphrase caching.  Pageant as well as gpg-agent run
> > the authentication part of the ssh protocol.  ssh works with a
> > Diffie-Hellman key exchange which is entirely done in putty/ssh but
> > the user authentication for that connection is delegated to
> > pageant/gpg-agent.
> Well, I did not want to confuse anybody by using technical terms in a
> wrong way. But I obviously have at least a small lack of knowledge on
> this. When re-reading the pageant documentation it states that it
> holds unencrypted keys in memory. So I suppose gpg-agent is doing the
> same.
> 
> > 
> > > "enable-putty-support" in gpg.conf is obviously ignored. Is this
> > 
> > If pageant is started before gpg-agent this will indeed be the case.
> No, pageant is definitely not started at all.
> 
> > However, I assume that your problem is how to get the keys into
> > gpg-agent.
> Right.
> 
> > With ssh you run "ssh-add" to transfer the keys to
> > ssh-agent/gpg-agent; I am not sure how this is done in Putty.
> > However, the core ssh-agent protocol is used by ssh and putty and
> > thus everything pageant does can be done by gpg-agent.
> Under Linux it's not even necessary to use ssh-add: If ssh finds a
> running and ssh-aware gpg-agent, it automatically uses it, resulting
> in a pinentry showing up.
> 
> > I did my tests using a smartcard.  A smartcard is special in that
> > its key is instantly available and does not need a "ssh-add" or a
> > manual entry in gnupg's sshcontrol file.
> > 
> I have no smartcard like - I suppose - most people using PuTTY. To my
> knowledge there is no ssh-add equivalent with PuTTY. And if PuTTY
> with command line option "-agent" does not search for a running
> gpg-agent, there will be no way to add an SSH key to gpg-agent. Maybe,
> you remember my first questions on this when the new gpg-agent feature
> was discussed on the list, where my first understanding was that PuTTY
> must be changed to use a running gpg-agent.
> 
> Regards,
> Peter

Well, I have not heard any response so far on my last response on this
topic. Therefore I try to re-ask in short terms:

Did anybody succeed in adding a PuTTY SSH key under Windows to gpg-agent?
Or did I get the new gpg-agent feature connected with the option
"enable-putty-support" somehow wrong?

By the way: Under Linux gpg-agent asks for a PuTTY SSH key, if you add
"enable-ssh-support" to gpg-agent.conf. This works as expected.

Regards,
Peter
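
Added example, not part of the mailing-list post and not Gpg4win or PuTTY code: the "list identities" exchange of the core ssh-agent protocol mentioned in the quoted reply, which is how a client learns whether an agent (Pageant, ssh-agent or gpg-agent) holds any key at all. Message numbers 11 and 12 are the protocol's own; the sample reply, its key bytes and its comment are constructed, and the transport that carries the frames is out of scope here.

```python
import struct

SSH2_AGENTC_REQUEST_IDENTITIES = 11   # client -> agent: list held keys
SSH2_AGENT_IDENTITIES_ANSWER = 12     # agent -> client: the key list

def ssh_string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def frame(msg_type, payload=b""):
    """An agent message is one SSH string whose first byte is the type."""
    return ssh_string(bytes([msg_type]) + payload)

def read_string(buf, off):
    """Decode one SSH string at off; refuse lengths that overrun buf."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off + 4:end], end

def parse_identities(reply):
    """Return [(key_type, comment), ...] from an IDENTITIES_ANSWER frame."""
    body, end = read_string(reply, 0)
    if end != len(reply):
        raise ValueError("trailing bytes after message")
    if len(body) < 5 or body[0] != SSH2_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(body, off)      # public key blob
        comment, off = read_string(body, off)   # free-text label
        key_type, _ = read_string(blob, 0)      # blob begins with algorithm name
        keys.append((key_type.decode("ascii"), comment.decode("utf-8", "replace")))
    return keys

# Constructed sample: one RSA identity with placeholder key material.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xab" * 16))
SAMPLE_REPLY = frame(SSH2_AGENT_IDENTITIES_ANSWER,
                     struct.pack(">I", 1) + ssh_string(SAMPLE_BLOB)
                     + ssh_string(b"constructed-key"))

if __name__ == "__main__":
    print(frame(SSH2_AGENTC_REQUEST_IDENTITIES).hex())
    print(parse_identities(SAMPLE_REPLY))
```

An answer with a count of zero is what a client sees when the agent is reachable but no key has been registered with it.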