[Gpg4win-users-en] Using gpg4win with OpenSSH and Git

Marko Božiković bozho at kset.org
Fri Feb 20 16:23:25 CET 2015


On 19/02/2015 19:37, Werner Koch wrote:
> On Thu, 19 Feb 2015 16:32, bozho at kset.org said:
> 
>> I've picked up GnuPG again after a few years and I was wondering is it
>> possible to use gpg4win in its current state for OpenSSH authentication and
>> git SSH authentication and commit signing using gpg-agent.
> 
> On Windows you can't use it with OpenSSH.  AFAIK, OpenSSH is not
> available as native application but only as a Cygwin binary.  This could
> be made to work somehow but it has not been done.  However, Putty is
> supported: If you add "enable-putty-support" to gpg-agent.conf,
> gpg-agent will work as a Pageant replacement.  You should fire up
> gpg-agent before Pageant, though.

I have two more questions:

1. I can't seem to export public subkeys with the gpg command line utility.
According to gpg docs, giving a key ID when exporting keys will export only
that key (and its subkeys, if there are any). However, running:

gpg --armor --export > all.gpg
gpg --armor --export <master key ID> > master.gpg
gpg --armor --export <subkey ID> > subkey.gpg

produces three identical files, with both the master key and an authenticating
subkey. Is that a bug, or am I doing something wrong?


2. Msysgit and gpg-agent. MSysGit works with Pageant (putty authenticating
agent) to handle SSH keys. Now, I currently use Pageant to load a github
secret key from a file and serve it to git when needed (works fine from both
command line and tortoisegit).

I tried replacing pageant with Gpg4Win's gpg-agent, but had no luck. I've
created a new keyring in gpg: one master SC key and one authenticating subkey.
I've exported the public subkey, converted it to the SSH format and uploaded
it to Github. It seems that gpg-agent doesn't pick up my authenticating
subkey, because if I remove my old github SSH key and try to clone a repo, I
get an authentication error. If I add my old SSH github public key back to my
Github account and instruct git to load a private key from a file, gpg-agent
creates a "private-keys-v1.d" subdirectory in my gnupg dir and seems to store
the (old) private key there. As long as it's there, I can clone github repos
without instructing git to load private key from a file, so it seems that
gpg-agent is serving it correctly.

So, basically, the question here is how to make gpg-agent see my gpg keys and
use them? Does the subkey need to have other capabilities in addition to
authentication?


Thank you,
-- 
Marko



