[Gpg4win-devel] PuTTY passphrase caching not working with Gpg4win 2.2.0

Dr. Peter Voigt pvoigt at uos.de
Wed Aug 28 11:51:55 CEST 2013


On Wed, 28 Aug 2013 10:09:16 +0200,
Werner Koch <wk at gnupg.org> wrote:

> On Tue, 27 Aug 2013 22:04, pvoigt at uos.de said:
> > Well, mentioned it already in my last response to the 2.2.0
> > announcement: I'm unable to make gpg-agent offer me PuTTY passphrase
> > caching. I've been observing this with Gpg4win 2.2.0 full
> > installation
> 
> There is no passphrase caching.  Pageant as well as gpg-agent run the
> authentication part of the ssh protocol.  ssh works with a
> Diffie-Hellman key exchange which is entirely done in putty/ssh but
> the user authentication for that connection is delegated to
> pageant/gpg-agent.
Well, I did not want to confuse anybody by using technical terms in a
wrong way. But I obviously have at least a small lack of knowledge on
this. When re-reading the pageant documentation it states that it holds
unencrypted keys in memory. So I suppose gpg-agent is doing the same.

> 
> > "enable-putty-support" in gpg.conf is obviously ignored. Is this
> 
> If pageant is started before gpg-agent this will indeed be the case.
No, pageant is definitely not started at all.

> However, I assume that your problem is how to get the keys into
> gpg-agent.
Right.

> With ssh you run "ssh-add" to transfer the keys to
> ssh-agent/gpg-agent; I am not sure how this is done in Putty.
> However, the core ssh-agent protocol is used by ssh and putty and
> thus everything pageant does can be done by gpg-agent.
Under Linux it's not even necessary to use ssh-add: If ssh finds a
running and ssh-aware gpg-agent, it automatically uses it, resulting in a
pinentry showing up.

> I did my tests using a smartcard.  A smartcard is special in that
> its key is instantly available and does not need a "ssh-add" or a
> manual entry in gnupg's sshcontrol file.
> 
I have no smartcard, like (I suppose) most people using PuTTY. To my
knowledge there is no ssh-add equivalent with PuTTY. And if PuTTY
with command line option "-agent" does not search for a running
gpg-agent, there will be no way to add an SSH key to gpg-agent. Maybe,
you remember my first questions on this when the new gpg-agent feature
was discussed on the list, where my first understanding was that PuTTY
must be changed to use a running gpg-agent.

Regards,
Peter
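
An added example, not part of the original message: the thread turns on the ssh-agent protocol that both Pageant and gpg-agent speak, so this sketch frames the "list identities" request and parses the reply, which is how a client learns whether the agent holds any key at all. The message numbers are those of the ssh-agent protocol; the helper names and sample bytes are constructed for illustration, and the transport (Unix socket or Pageant's Windows mechanism) is not shown.

```python
import struct

SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def frame(msg_type, payload=b""):
    """Wrap a message: uint32 big-endian length, then type byte and payload."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off:off + n], off + n

def parse_identities(reply):
    """Return [(key_type, comment)] from a framed IDENTITIES_ANSWER."""
    if len(reply) < 5:
        raise ValueError("short reply")
    (length,) = struct.unpack_from(">I", reply, 0)
    body = reply[4:4 + length]
    if length < 1 or len(body) != length:
        raise ValueError("truncated reply")
    if body[0] == SSH_AGENT_FAILURE:
        raise RuntimeError("agent refused the request")
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER or length < 5:
        raise ValueError("unexpected reply")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(body, off)
        comment, off = read_string(body, off)
        key_type, _ = read_string(blob, 0)  # blob starts with the algorithm name
        keys.append((key_type.decode(), comment.decode(errors="replace")))
    return keys

# Constructed samples: the blob body is filler, not a real public key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" * 8)
SAMPLE_REPLY = frame(SSH_AGENT_IDENTITIES_ANSWER,
                     struct.pack(">I", 1) + ssh_string(SAMPLE_BLOB) + ssh_string(b"constructed-key"))
EMPTY_REPLY = frame(SSH_AGENT_IDENTITIES_ANSWER, struct.pack(">I", 0))
```

An empty identity list, as in `EMPTY_REPLY`, is what a client sees from a running agent that has not been given any key.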