Yubikey, GnuPG 2.1 Modern, and SSH on OS X

Glenn Rempe glenn at rempe.us
Sat Jan 16 00:47:07 CET 2016


Thanks Peter, I was not aware of that (and it certainly explains the double
entry in ssh-add -l.

btw, Werner was not writing that response to me. It was just pointed out to
me, so yes it was
probably not smart card specific I would guess. I'll update the blog post
to reflect that we
probably do not need to modify sshcontrol for use with Yubikey.

Back to the main issue I am having. I followed the instructions to output a
verbose scdaemon log
which I was exercising this issue.  Here is a gist with the commands I was
running and the resulting
logfile.

https://gist.github.com/grempe/e143796b8f399f5fa391

Perhaps NIIBE Yutaka or someone else more knowledgable than I can take a
look and
get us closer to resolution. :-)

Thanks for everyone who is helping.


On Fri, Jan 15, 2016 at 3:08 PM Peter Lebbing <peter at digitalbrains.com>
wrote:

> On 15/01/16 21:17, Glenn Rempe wrote:
> > I added it at the suggestion of Werner in this post:
> >
> > https://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html
> >
> > And these blog posts:
> > http://incenp.org/notes/2015/gnupg-for-ssh-authentication.html
> > http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key
> >
> > Is this suggestion outdated?
>
> No, but I'm fairly sure Werner did not realise you were using a smartcard
> when
> he wrote that. Obviously, I can't look into the man's mind, but that's my
> guess.
>
> For regular, on-disk keys, it is necessary to add the keygrip to
> sshcontrol. For
> smartcards, it's automatically added when the smartcard is inserted. I
> guess it
> fits with automatically added secret key stubs when the smartcard is
> inserted
> (to use a smartcard on a fresh PC, import your own public key, insert your
> smartcard, and you're done).
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160115/854d3067/attachment.html>


More information about the Gnupg-users mailing list