-[[meta title="MonkeySphere needs to be able to cleanly export passphrase-locked secret keys from the GPG keyring"]]
+[[meta title="MonkeySphere can't deal with passphrase-locked primary keys]]
At the moment, the only tool we have to export passphrase-locked
secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which
work for reasonable values of `$KEYID`:
TMPDIR=$(mktemp -d)
- uname 077
+ umask 077
mkfifo "$TMPDIR/passphrase"
kname="MonkeySphere Key $KEYID"
mkfifo "$TMPDIR/$kname"
we have a possible solution, as long as the authentication key is a
subkey, and not a primary key.
+As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements
+this particular strategy (and fails cleanly if the version of GnuTLS
+present doesn't support the GNU dummy S2K extension).
+
---------
Ben Laurie and Rachel Willmer's
---------
Other alternatives?
+
+--------
+
+Can this bug be closed? dkg [reported in a comment for a related
+bug](/bugs/install-seckey2sshagent-in-usr-bin/):
+
+ Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent
+ subcommand, which works cleanly in the presence of a
+ functionally-patched GnuTLS.
+
+--------
+
+Even with the patched GnuTLS, monkeysphere currently can't currently
+deal with passphrase-locked primary keys. I've changed the title of
+this bug, but i'd like to keep it open until we are able to deal with
+that. The other comments here seem still quite relevant to that
+need.
+
+I've changed the title of this bug to reflect the narrowed scope.
+
+ --dkg
projects / monkeysphere.git / blobdiff