Page MenuHome GnuPG
Feed Advanced Search

Fri, Dec 6

gniibe changed the status of T7436: Allow ssh to sign data larger than the assuan line length. from Open to Testing.
Fri, Dec 6, 6:32 AM · ssh, Feature Request, gnupg26

Thu, Dec 5

gniibe claimed T7436: Allow ssh to sign data larger than the assuan line length..
Thu, Dec 5, 7:02 AM · ssh, Feature Request, gnupg26

Tue, Dec 3

werner renamed T7436: Allow ssh to sign data larger than the assuan line length. from Allow ssh to sign larger data than the assuan line length. to Allow ssh to sign data larger than the assuan line length..
Tue, Dec 3, 4:18 PM · ssh, Feature Request, gnupg26
ebo renamed T7436: Allow ssh to sign data larger than the assuan line length. from Allow ssh to sign larger data tha the assuan line length. to Allow ssh to sign larger data than the assuan line length..
Tue, Dec 3, 4:14 PM · ssh, Feature Request, gnupg26
werner triaged T7436: Allow ssh to sign data larger than the assuan line length. as Normal priority.
Tue, Dec 3, 3:31 PM · ssh, Feature Request, gnupg26

Mon, Dec 2

gniibe closed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as Resolved.

Closed, since this was documentation for the workaround, four years ago.

Mon, Dec 2, 9:52 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
werner added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Just a reminder: with Gnuk 1.2.15 and an ed25519 key PubkeyAuthentication unbound is required for hosts using the new feature.

Mon, Dec 2, 9:35 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Mar 4 2024

Zymlex added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In case if someone finds it through a search:

Mar 4 2024, 9:51 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Feb 21 2024

werner closed T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey as Resolved.

Closing due to age and because gpg4win 4 started to using the much improved GnuPG 2.4

Feb 21 2024, 5:45 PM · gnupg, ssh, Bug Report, gpg4win

Jan 5 2024

werner moved T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Backlog to done on the gnupg24 board.
Jan 5 2024, 12:04 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 16 2023

werner triaged T6756: max-cache-ttl-ssh overrides max-cache-ttl as Low priority.
Oct 16 2023, 1:24 PM · MacOS, gpgagent, ssh, Bug Report

Oct 10 2023

memeplex updated the task description for T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:20 PM · MacOS, gpgagent, ssh, Bug Report
memeplex updated the task description for T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:19 PM · MacOS, gpgagent, ssh, Bug Report
memeplex created T6756: max-cache-ttl-ssh overrides max-cache-ttl.
Oct 10 2023, 2:13 PM · MacOS, gpgagent, ssh, Bug Report

Sep 26 2023

jplejacq added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

Here's another data point.

Sep 26 2023, 4:13 PM · gnupg, Documentation, ssh

Aug 28 2023

kelseyradley added a comment to T5794: Cannot add ed25519 SSH key with empty comment.
Aug 28 2023, 6:28 AM · ssh, gnupg (gpg22), Bug Report
kelseyradley added a comment to T2760: Populate comment field when exporting authentication key for SSH.
Aug 28 2023, 6:27 AM · gnupg24, ssh, Feature Request

May 26 2023

werner edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: gnupg; removed gnupg24.
May 26 2023, 10:03 AM · gnupg, Documentation, ssh

Apr 26 2023

ebo closed T6212: The ssh keys are no longer returned in the order from control file after T5996 as Resolved.
Apr 26 2023, 9:20 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Apr 18 2023

werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from QA to gnupg-2.4.1 on the gnupg24 board.
Apr 18 2023, 9:42 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Feb 1 2023

werner changed the status of T6212: The ssh keys are no longer returned in the order from control file after T5996 from Open to Testing.
Feb 1 2023, 9:36 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from QA to WiP on the gnupg24 board.
Feb 1 2023, 9:36 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from WiP to QA on the gnupg24 board.

See the the commit for a description of the changes.

Feb 1 2023, 9:29 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; You can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use GPG auth subkey for Win32-OpenSSH.

Feb 1 2023, 6:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 31 2023

werner moved T6212: The ssh keys are no longer returned in the order from control file after T5996 from Backlog to WiP on the gnupg24 board.
Jan 31 2023, 12:40 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
MathiasMagnus added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with

ForwardAgent yes
AddKeysToAgent yes
RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra

As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconfg.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly, when connecting pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:

gpg --list-secret-keys --verbose
gpg: using pgp trust model
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (5s)
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (4s)
gpg: waiting for the agent to come up ... (3s)
gpg: waiting for the agent to come up ... (2s)
gpg: waiting for the agent to come up ... (1s)
gpg: can't connect to the agent: End of file

What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github 's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?

Jan 31 2023, 10:35 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 24 2023

werner added a comment to T6212: The ssh keys are no longer returned in the order from control file after T5996.

Let's first collect all keys, assign a priority, sort, and only then send them back to ssh.

Jan 24 2023, 10:06 AM · gnupg24 (gnupg-2.4.1), ssh, Feature Request

Jan 19 2023

werner updated the task description for T2760: Populate comment field when exporting authentication key for SSH.
Jan 19 2023, 4:50 PM · gnupg24, ssh, Feature Request
werner removed a project from T5995: Better prompt with SETKEYDESC: gnupg (gpg23).
Jan 19 2023, 4:47 PM · gnupg24, ssh, gpgagent, scd
werner removed a project from T6212: The ssh keys are no longer returned in the order from control file after T5996: gnupg (gpg23).
Jan 19 2023, 4:44 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
werner removed a project from T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent: gnupg (gpg23).
Jan 19 2023, 4:44 PM · gnupg, Documentation, ssh

Dec 22 2022

werner closed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Resolved.
Dec 22 2022, 10:34 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.

Dec 22 2022, 10:05 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0

Dec 22 2022, 1:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 21 2022

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command cia ssh.

Dec 21 2022, 12:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Authentication succeed if I pressed enter after:PTY allocation request failed on channel 0

Dec 21 2022, 10:58 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0

Dec 21 2022, 10:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Nov 25 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:

Nov 25 2022, 12:54 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 24 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Nov 24 2022, 9:01 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Nov 24 2022, 2:38 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
Nov 24 2022, 2:22 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 22 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

Nov 22 2022, 8:12 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 9 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote:

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Nov 9 2022, 7:40 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

Nov 9 2022, 10:51 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 1 2022

gniibe edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: Documentation; removed Bug Report.

The problem here is how large the data to be signed is. It is an issue of protocol design. The protocols are explained in openssh/PROTOCOL.certkeys and openssh/PROTOCOL. Unfortunately, it seems that it was designed with not much consideration for smartcard use case, so, data to be signed may be longer (than the capability of smartcard).

Nov 1 2022, 12:59 AM · gnupg, Documentation, ssh

Oct 31 2022

alca7raz added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

Sadly, it doesn't work for me. But thank you.

Oct 31 2022, 11:31 AM · gnupg, Documentation, ssh
gniibe added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

I managed to find a way to minimize the data (less than the one on Oct 25).
And it somehow works for me.

Oct 31 2022, 7:52 AM · gnupg, Documentation, ssh

Oct 30 2022

alca7raz added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

So what should I do now? Should I report it to OpenSSH team?

Oct 30 2022, 5:03 PM · gnupg, Documentation, ssh

Oct 28 2022

werner updated subscribers of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Will go into 2.3.9 and gpg4win 4.0.5

Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 27 2022

werner triaged T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent as Normal priority.
Oct 27 2022, 8:27 AM · gnupg, Documentation, ssh

Oct 26 2022

gniibe changed the status of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Open to Testing.
Oct 26 2022, 9:24 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 14 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Pushed to master.

Oct 14 2022, 7:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 19 2022

werner triaged T6212: The ssh keys are no longer returned in the order from control file after T5996 as Normal priority.

We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.

Sep 19 2022, 8:19 PM · gnupg24 (gnupg-2.4.1), ssh, Feature Request
chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I hacked configure.ac of gnupg to force it build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?

Sep 19 2022, 5:22 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 7 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

It's not yet pushed, because it requires new release of libgpg-error (for T6112: libgpg-error,w32: bidirectional Pipe support for estream).

Sep 7 2022, 1:56 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 6 2022

aheinecke added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I was looking for this when writing the update NEWS for the latest release and noticed that this has not been pushed yet. I really think that it would be nice to have that. Especially for Smartcard use cases.

Sep 6 2022, 11:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Aug 26 2022

gniibe closed T5984: gpg-agent interaction improvement (smartcard improvement #3) as Resolved.
Aug 26 2022, 7:28 AM · ssh, gpgagent, scd
gniibe removed a parent task for T5995: Better prompt with SETKEYDESC: T5984: gpg-agent interaction improvement (smartcard improvement #3).
Aug 26 2022, 7:28 AM · gnupg24, ssh, gpgagent, scd
gniibe removed a subtask for T5984: gpg-agent interaction improvement (smartcard improvement #3): T5995: Better prompt with SETKEYDESC.
Aug 26 2022, 7:28 AM · ssh, gpgagent, scd

Aug 24 2022

werner closed T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com as Resolved.
Aug 24 2022, 5:28 PM · workaround, gnupg (gpg23), ssh, Bug Report, scd

Aug 19 2022

chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.

Aug 19 2022, 7:57 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Aug 15 2022

Saklad5 added a comment to T4260: export all valid authentication subkeys in --export-ssh-key.

Any progress on this?

Aug 15 2022, 4:11 PM · ssh, Feature Request

Jul 28 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.

Jul 28 2022, 9:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is the parser output:

$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
    Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
        Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)
Jul 28 2022, 8:39 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.

Jul 28 2022, 8:20 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is a patch to implement the functionality with --enable-win32-openssh-support.

Jul 28 2022, 6:30 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jul 18 2022

kmhuntly closed T6074: gpg v2.3.6 doesnt work with ssh as Resolved.

as of 2.3.7 (which I just updated to) this works. ticket can be closed

Jul 18 2022, 12:48 PM · Info Needed, gnupg (gpg23), ssh, Bug Report
gniibe added projects to T6074: gpg v2.3.6 doesnt work with ssh: ssh, gnupg (gpg23), Info Needed.

Please give us more information.

  • Do you change SSH program?
  • Do you mean, reinstalling gpg 2.3.4 fixes your issue?
  • Are you using with smartcard/token? Which one (Yubikey/Zeitcontrol/Gnuk), if it's the case?
Jul 18 2022, 10:31 AM · Info Needed, gnupg (gpg23), ssh, Bug Report

Jul 12 2022

gniibe added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: backport.

I'm going to backport this to 2.2, as it found useful.

Jul 12 2022, 9:09 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe closed T5702: Display prompt to user when YubiKey is waiting for touch confirmation, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 7:10 AM · ssh, gpgagent, scd
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:30 AM · ssh, gpgagent, scd
gniibe closed T5985: private-key: Support "Use-for-ssh" flag as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:28 AM · Feature Request, ssh, gpgagent
gniibe closed T5985: private-key: Support "Use-for-ssh" flag, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:28 AM · ssh, gpgagent, scd
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.

Changed the tags and the title.

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:13 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · Feature Request, ssh, gpgagent

Jun 28 2022

gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

We removed assuming "OPENPGP.3" means for ssh.

Jun 28 2022, 3:31 AM · Feature Request, ssh, gpgagent
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe renamed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available from ssh,card: OpenPGP.3 keys should be on the list (as default) even when card is not available to ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.
Jun 28 2022, 3:22 AM · ssh, gpgagent, scd
gniibe added a comment to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.

Having "Use-for-ssh" flag now, experience shows that including OpenPGP.3 keys by default is not convenient.

Jun 28 2022, 3:20 AM · ssh, gpgagent, scd

Jun 23 2022

gniibe added a comment to T5988: agent: Add new command to update private key fields.

What about rejected changes to "Key:"?

Jun 23 2022, 3:05 AM · Feature Request, ssh, gpgagent

Jun 22 2022

werner added a comment to T5988: agent: Add new command to update private key fields.

What about rejected changes to "Key:"? Other this command would make it too easy to mess up the actual private key.

Jun 22 2022, 2:54 PM · Feature Request, ssh, gpgagent
gniibe added a project to T5988: agent: Add new command to update private key fields: Restricted Project.
Jun 22 2022, 8:49 AM · Feature Request, ssh, gpgagent

Jun 1 2022

gniibe claimed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jun 1 2022, 5:09 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

May 27 2022

srgblnchtrn removed a watcher for ssh: srgblnchtrn.
May 27 2022, 10:05 PM
gniibe added a project to T5987: card: New field to specify refusing operations when card/token is not available: Restricted Project.
May 27 2022, 3:02 AM · ssh, gpgagent, scd
gniibe added a comment to T5987: card: New field to specify refusing operations when card/token is not available.

Default is "yes". When Prompt: no is specified, it doesn't ask but fails.

May 27 2022, 2:48 AM · ssh, gpgagent, scd
gniibe added a comment to T5987: card: New field to specify refusing operations when card/token is not available.

The behavior has been changed by T5996, to ask card insertion for the consistency of the semantics of configuration.

May 27 2022, 2:47 AM · ssh, gpgagent, scd
gniibe updated the task description for T5987: card: New field to specify refusing operations when card/token is not available.
May 27 2022, 2:45 AM · ssh, gpgagent, scd

May 26 2022

gniibe added a project to T5985: private-key: Support "Use-for-ssh" flag: Restricted Project.
May 26 2022, 10:39 AM · Feature Request, ssh, gpgagent
gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

With the change for T5996 applied, the semantics is clear. "Use-for-ssh" flag is a key not for "OpenPGP.3", but other keys (not only OpenPGP.[12], but also for normal keys.)

May 26 2022, 10:38 AM · Feature Request, ssh, gpgagent
gniibe added a project to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available: Restricted Project.
May 26 2022, 10:19 AM · ssh, gpgagent, scd

May 23 2022

gniibe renamed T5984: gpg-agent interaction improvement (smartcard improvement #3) from gpg-agent interaction improvement ( (smartcard improvement #3) to gpg-agent interaction improvement (smartcard improvement #3).
May 23 2022, 6:41 AM · ssh, gpgagent, scd