Split GPG and ssh keys
346 views
Skip to first unread message
Eva Star
Jun 29, 2016, 12:51:47 PM6/29/16
to qubes-users
Is Split GPG support storing ssh keys for authorization? I google for this issue and found the information about some special package or gpg-agent must e started with special options.
What is about Split GPG? How to use it with ssh keys?
Can someone write some instruction?
And maybe it's a good idea to add additional chapter to Split GPG docs about that?
Thanks
Andrew David Wong
Jun 29, 2016, 11:33:15 PM6/29/16
to Eva Star, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
No, Split GPG does not support SSH keys. However, we have a ticket to
track a "Split SSH" feature:
https://github.com/QubesOS/qubes-issues/issues/1962
We're hoping a developer from the community will pursue this.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdJL0AAoJENtN07w5UDAwxDsQALuPkSamWFCXp2rnIdzflmmp
/Zj8Bcw7L/4k32fmLgWERgXdk/GLZLagNTymyLT1WIRPXtjy29PBmFiMkiDdPdN0
7Tj1MT5hQT03ixmSRnV04otWkbm8ksqgxxvNCYzBrNHkfpCj/x4LBFGzf1X00Jxv
gmTiUGVXK/xJnJ2Ry7PRYXFH7Tto118wDrhxLbWlasPCPPh00FaMJ1R5qHhyyosk
pBf6M9CVbA5Fjqb0ckTtQHxFakChgFOQk2D49pcXYyLn7JOBIHMEkt7Py9uzjEMI
Z46LiIJo3VKlOclz7vQOw61Dq1ElDqJWXakoVqZmgolHmQjcqAqQjn2Fn/wwDsnF
QmhkMj3QFjU679YuVV/jFzZKr8l+/vJCRkXN35EKnszn4UtZP5mm6aaxW0nhnsWa
RP5U9+NdWgnd+8aA9T2ZYfl9esgwFrriQRL5RH99gAi8oeUjzHeGx2MIdJ93791u
o5q3nSzq2tU0jgmRxhYniwzVkHprXHC3JUA1KMpHGbpoXfqsSerY+5D6qB58jrH+
QC4v00F97xEEiGvYe7sBSWLxt2zvwdv355plCaXwGJ/LN5/SacBKw7yf45AIbggP
1aBj9FKknmtCNOvyL9pt/TXcf8pufTVk3hUtEJwceFz/LcxzpcBl1woPAQFTlWnI
UHHn4N/ra8AVkICttN9N
=6i/v
-----END PGP SIGNATURE-----
Hash: SHA512
track a "Split SSH" feature:
https://github.com/QubesOS/qubes-issues/issues/1962
We're hoping a developer from the community will pursue this.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdJL0AAoJENtN07w5UDAwxDsQALuPkSamWFCXp2rnIdzflmmp
/Zj8Bcw7L/4k32fmLgWERgXdk/GLZLagNTymyLT1WIRPXtjy29PBmFiMkiDdPdN0
7Tj1MT5hQT03ixmSRnV04otWkbm8ksqgxxvNCYzBrNHkfpCj/x4LBFGzf1X00Jxv
gmTiUGVXK/xJnJ2Ry7PRYXFH7Tto118wDrhxLbWlasPCPPh00FaMJ1R5qHhyyosk
pBf6M9CVbA5Fjqb0ckTtQHxFakChgFOQk2D49pcXYyLn7JOBIHMEkt7Py9uzjEMI
Z46LiIJo3VKlOclz7vQOw61Dq1ElDqJWXakoVqZmgolHmQjcqAqQjn2Fn/wwDsnF
QmhkMj3QFjU679YuVV/jFzZKr8l+/vJCRkXN35EKnszn4UtZP5mm6aaxW0nhnsWa
RP5U9+NdWgnd+8aA9T2ZYfl9esgwFrriQRL5RH99gAi8oeUjzHeGx2MIdJ93791u
o5q3nSzq2tU0jgmRxhYniwzVkHprXHC3JUA1KMpHGbpoXfqsSerY+5D6qB58jrH+
QC4v00F97xEEiGvYe7sBSWLxt2zvwdv355plCaXwGJ/LN5/SacBKw7yf45AIbggP
1aBj9FKknmtCNOvyL9pt/TXcf8pufTVk3hUtEJwceFz/LcxzpcBl1woPAQFTlWnI
UHHn4N/ra8AVkICttN9N
=6i/v
-----END PGP SIGNATURE-----
Eva Star
Jun 30, 2016, 4:10:43 AM6/30/16
to qubes-users, evado...@gmail.com
I do not know what is under the hood at split gpg, but seems it's simple gpg-agent. If it so, that seems it's very easy to add support for ssh keys. All what is need is already developed:
Need only do add this to SplitGPG :)
Andrew David Wong
Jul 1, 2016, 12:47:53 AM7/1/16
to Eva Star, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-06-30 01:10, Eva Star wrote:
> I do not know what is under the hood at split gpg, but seems it's
> simple gpg-agent. If it so, that seems it's very easy to add
> support for ssh keys. All what is need is already developed:
> http://superuser.com/questions/360507/are-gpg-and-ssh-keys-
> interchangable
>
> Need only do add this to SplitGPG :)
>
But the answers to that question indicate that GPG and SSH keys are
> I do not know what is under the hood at split gpg, but seems it's
> simple gpg-agent. If it so, that seems it's very easy to add
> support for ssh keys. All what is need is already developed:
> http://superuser.com/questions/360507/are-gpg-and-ssh-keys-
> interchangable
>
> Need only do add this to SplitGPG :)
>
*not* easily interchangeable. Am I missing something?
P.S. - Please avoid top posting.
>
>> No, Split GPG does not support SSH keys. However, we have a
>> ticket to track a "Split SSH" feature:
>>
>> https://github.com/QubesOS/qubes-issues/issues/1962
>>
>> We're hoping a developer from the community will pursue this.
>>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdfXvAAoJENtN07w5UDAw2RkQAJUo/N6cpB/DQ2inLo39zI1b
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
ahxR4+Nt9Vo/KFzw+bdnGfDB0Fj4Rjn5pelBlSH08giH9twYnj6ptPi3WfF8vXut
5t+X4mdml5Z43ymNAUmfmCGn8JfZyKnBpk3iKHGK4SdVl5LBO4ft0Ct2YcoD9hPT
ZHHUi2lGg2UP7qe1rwR+c5ZixYs7YS15JooCB6cGHlq19w67Ibc/5tQGLE6x9vIY
xrFgZrRbi5x5Gwy+h7CnmQw++OwknjOE3ofSnNuWyC1PyIWcWeV2y05Qr757O1cm
H8VnAo29lKKhLc9qmI6BsVSDyX1fXvirQiqHYy5Az4/L0HQVR4NJYiZUfIbIRI0i
XiTwE2ORnjO8icWzhBF1ZRiIsckApO9Ula771AZlxqcd0cFOnqFiFBON86kDbBq1
K4cekzfRK2fqT3amEX+IqeYqG6w8Vgxj35q5U19RmyHU75o6tgqSucOf8lg/fKG2
/OcjCYYtWnHz16tkRn9HKE90rVOPik3IWx3UmmRGkFRp+oaBPpCvgQUzz1YyFOFY
6Pu8QYmT9Ni7vguK7kFpKhOh71R+3NAQ8RMDZTS6CJ626cRclJuwIFptStpCPOPf
6Fz50WLB3ljOFN083KI4iPx8JB/9SvKV+WpHjiclEFy6BPje6GPGVCz40sllwpS0
jd2nqxaaS0TlRYvDd8sI
=77J9
-----END PGP SIGNATURE-----
Eva Star
Jul 3, 2016, 7:51:51 AM7/3/16
to qubes-users, evado...@gmail.com
Seems it can be easy done with new GnuPG version:
Quote:
To summarize: Either you use GnuPG 2.1, which is currently in beta. When using this version, you can simply start gpg-agent with the --enable-ssh-support option and add the keygrip for you GPG key (or subkey) into ~/.gnupg/sshcontrol.
When you are using the current stable GnuPG version (2.0.x) you can use monkeysphere to add your key to gpg-agent (again, after starting gpg-agent with the --enable-ssh-support option).
It is also possible to use GNOME keyring (or even the regular ssh-agent) with the help of monkeysphere. The only problem in this case is that you will have to re-add your key when logging on again (into Gnome or XFCE). To solve this you can manually export your key and convert it.
P.S. Google by default setup cursor on the answer text area ready for top posting.
Eva Star
Jul 4, 2016, 10:15:10 AM7/4/16
to qubes...@googlegroups.com
This issue can be simply solved by moving to New GPG version and not
need to realize something form SSH, because of GnuPG 2.1 seems support
them by default with --enable-ssh-support key:
https://github.com/QubesOS/qubes-issues/issues/1962
Please update the ticket
Proof link, search for `ssh` term on the page:
https://gnupg.org/faq/whats-new-in-2.1.html
Reply all
Reply to author
Forward
0 new messages