

This is natively supported by OpenSSH via PKCS11Provider: ssh -I opensc-pkcs11.so can be made aware of PKCS#11 keys as well: ssh-add -s opensc-pkcs11.so Third option: Instead of using the Yubikey via gpg-agent, use its PIV smartcard support via PKCS#11. How do I avoid the import while allowing all sources of keys to be used? One idea that I was having was to set up multiple agents on the same machine, possibly gpg-agent forwarding to a local ssh-agent, but this sounds like it may be overly complicated. A similar problem is part of this KeePassXC issue, but no solution was suggested. Similar for ssh-adding key files from the shell: I do not want to import and persist those while having to provide even more passwords. The keys shouldn't be permanently available afterwards.
Copy paste private key into gpg suite password

Then it outputs the ciphertext private key. GPG takes the private key, asks you for a password, and uses the password to encrypt the private key. There is no password before that (unless you lock your keyring with a password, but you will have needed to unlock it for gpg beforehand anyway). If the key is exported encrypted with the password, why is it asking me for the password to export it in the first place? Because you are choosing the password when you export the key. So I thought that the key was decrypted with the password and then exported.

When I exported the private key, it asked for the password. The private key is only exported as plaintext if you chose to enter a blank password (viz. That's why gpg asks you for a password when it exports the private key. GPG will do password-based encryption for you. But you don't need to "further encrypt" anything. Where should I keep the backup? Since the private key is in plain text, should I further encrypt it with a password of mine? Just as said in his comment. Also, in regards to the actual key data itself, an RSA or ECC public key can be derived from its corresponding private key. The PGP private key includes the public key. Exporting the secret key does export the key pair. What is the correct command to backup my key pair?
