ssh-agent emulation should provide the primary User ID of any keys offered via ssh
Open, Normal, Public

Description

Over on https://bugs.debian.org/840398, Dominik George wrote:

When using GPG keys for SSH through gpg-agent, it would be great if,
instead of "(none)", the primary UID of the main key of the
authentication key used could be used as comment.

I'm aware that this request isn't implementable exactly as requested. For one
thing, some authentication-capable subkeys could be attached to multiple primary
keys, each of which has a different primary User ID. So that corner case makes
the generic solution imperfect.

It looks like these values are stored in the ~/.gnupg/private-keys-v1.d/ in the
"comment" element of the S-key, which is populated when keys arrive in the agent
via ssh-add directly. While users could explicitly add such a comment to
pre-existing private keys, it would be nice to automate this process for
authentication-capable subkeys that the agent already stores and aren't
otherwise bound to multiple primary keys.

Details

Version
2.1.15
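
An added illustration, not part of the original report or of GnuPG's code: in the ssh-agent protocol the comment travels as the second string of each entry in the identities answer, so a client can list the keys an agent offers and flag those labelled only "(none)". The sample message and all helper names are constructed for this example.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # message type in the ssh-agent protocol

def _read_string(buf, off):
    """Read one SSH string (uint32 length, then bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def parse_identities(payload):
    """Return [(key_type, comment)] from an identities answer (outer length prefix removed)."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(payload, off)      # public key blob
        comment, off = _read_string(payload, off)   # the label shown by ssh-add -l
        key_type, _ = _read_string(blob, 0)         # blob begins with the algorithm name
        keys.append((key_type.decode("ascii", "replace"), comment.decode("utf-8", "replace")))
    return keys

def unlabelled(keys):
    """Indexes of keys whose comment gives no hint of the owning identity."""
    return [i for i, (_, comment) in enumerate(keys) if comment in ("", "(none)")]

def _pack(b):
    return struct.pack(">I", len(b)) + b

def sample_answer():
    """Constructed message: two dummy keys, one labelled "(none)" as described on this page."""
    ed = _pack(b"ssh-ed25519") + _pack(b"\x01" * 32)
    rsa = _pack(b"ssh-rsa") + _pack(b"\x01\x00\x01") + _pack(b"\x00" + b"\xab" * 8)
    return (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 2)
            + _pack(ed) + _pack(b"(none)")
            + _pack(rsa) + _pack(b"work subkey (constructed)"))

if __name__ == "__main__":
    keys = parse_identities(sample_answer())
    for i, (key_type, comment) in enumerate(keys):
        print(i, key_type, repr(comment))
    print("unlabelled:", unlabelled(keys))
```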

Event Timeline

dkg set Version to 2.1.15.
dkg added a subscriber: dkg.

I would also like this feature. I currently use a pair of subkeys (one for work, one for personal projects) and it would be much easier if I could configure gpg-agent to append comments to the keys rather than displaying (none). Perhaps a flag could be added to sshcontrol which allows you to specify an arbitrary comment?