Identifying one of multiple authentication subkeys
Werner Koch
wk at gnupg.org
Tue Mar 26 09:16:22 CET 2019
On Mon, 25 Mar 2019 16:02, peter at digitalbrains.com said:
> But something more user friendly to match SSH fingerprint and keygrip
> could be beneficial. I'm not sure what that would look like and neither
You can build a script based on this:
  $ gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr' /bye
  S KEYINFO 1234[...] D - - - P SHA256:PtJi[...] - S
  [...]
This lists all keys allowed for ssh with its keygrip (1234...) and the
corresponding ssh fingerprint (SHA256:PTJI). Details as usual by using
'help keyinfo'.
> For one thing, OpenSSH seems to prefer SHA256 SSH fingerprints over the
> old MD5 ones now.
That is right and you can tell gpg-agent this by using
  ssh-fingerprint-digest sha256
(I don't like the base64 encoding because it is hard to visually compare,
but that is how it is). Note that while writing this I noticed that the
KEYINFO command always printed MD5 fingerprints. I fixed that for
2.2.15 so that the above option is considered. Further, it is also
possible to use
  keyinfo --ssh-list --ssh-fpr-md5
  keyinfo --ssh-list --ssh-fpr=sha1
  keyinfo --ssh-list --ssh-fpr=sha256
to select a certain fingerprint format independent of the option.
Salam-Shalom,
Werner
p.s. Eventually someone(tm) should write a GUI tool to list and manage
all kinds of private keys in GnuPG. For example to list all users of a
certain private key.
--
Thoughts are free. Exceptions are regulated by a federal law.
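
A script along the lines suggested in the message above, as an added example that is not part of the original post or of GnuPG. The function names are hypothetical, the sample agent output is constructed, and the field positions are taken from the sample KEYINFO line quoted in the message.

```shell
#!/bin/sh
# Added example: map an ssh fingerprint to its gpg-agent keygrip.
# Field positions follow the sample line in the message:
#   S KEYINFO <keygrip> D - - - P <fingerprint> - S
# so the keygrip is field 3 and the fingerprint is field 9.

# Print "<fingerprint> <keygrip>" for every KEYINFO status line on stdin.
# Lines such as the trailing "OK", and entries without a fingerprint
# ("-" in field 9), are skipped.
keyinfo_pairs() {
    awk '$1 == "S" && $2 == "KEYINFO" && NF >= 9 && $9 != "-" { print $9, $3 }'
}

# Print the keygrip whose ssh fingerprint equals $1 (exact match).
# Reads KEYINFO lines on stdin; exit status is 1 if nothing matches.
keygrip_for_fpr() {
    keyinfo_pairs |
        awk -v want="$1" '$1 == want { print $2; found = 1 } END { exit !found }'
}

# Constructed sample of agent output (not real keys), for offline runs.
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 D - - - P SHA256:AAAAexampleFingerprintOne - S
S KEYINFO 2222222222222222222222222222222222222222 D - - - P SHA256:BBBBexampleFingerprintTwo - S
OK
EOF
}

# Live use (needs a running gpg-agent). Asking for sha256 explicitly makes
# the result independent of the ssh-fingerprint-digest option:
#   gpg-connect-agent 'keyinfo --ssh-list --ssh-fpr=sha256' /bye \
#       | keygrip_for_fpr 'SHA256:...'
```

The fingerprint to look up is the second column of `ssh-add -l` output; the match is exact, so the digest format requested from the agent has to be the one ssh printed.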