X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fbugs%2Fhandle-passphrase-locked-secret-keys.mdwn;h=2df14eb9a6f7a90c61ec69bcfb9bedfe8cd756c1;hb=c0fed884906cc1a55f447449d323e96397952ee9;hp=b66e4c7a98401523d368176ea2e5e8910749d744;hpb=56d6185075f3416b60d5cd3dcebd8cae28ec4295;p=monkeysphere.git diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index b66e4c7..2df14eb 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -32,12 +32,14 @@ primary key, then something like the following script should actually work for reasonable values of `$KEYID`: TMPDIR=$(mktemp -d) - uname 077 + umask 077 mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" - ssh-agent "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & - gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" + ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & + gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" \ + --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ + --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" & (cd "$TMPDIR" && ssh-add -c "$kname") rm -rf "$TMPDIR" @@ -48,6 +50,10 @@ so if we can get it incorporated into upstream (and/or into debian), we have a possible solution, as long as the authentication key is a subkey, and not a primary key. +As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements +this particular strategy (and fails cleanly if the version of GnuTLS +present doesn't support the GNU dummy S2K extension). + --------- Ben Laurie and Rachel Willmer's
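Review bot: in the first hunk, the `&` added after `openpgp2ssh "$KEYID" > "$TMPDIR/$kname"` backgrounds the export pipeline, so its exit status is never checked and `rm -rf "$TMPDIR"` runs whether or not `gpg` or `openpgp2ssh` succeeded. Because `export-reset-subkey-passwd` means the FIFO carries the subkey without passphrase protection, I would capture `$!` after the pipeline, `wait` on it after the `ssh-add -c` subshell and report a non-zero status, and move the cleanup into `trap 'rm -rf "$TMPDIR"' EXIT` so an interrupted run does not leave the directory and FIFOs behind. Two smaller points: `umask 077` would read more clearly placed before `mktemp -d`, and the variable name `TMPDIR` overrides the standard environment variable of that name for every child process when it is already exported, so a private name such as `workdir` would be safer.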
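Review bot: in the second hunk, the added paragraph says `monkeysphere subkey-to-ssh-agent` "fails cleanly" when GnuTLS lacks the GNU dummy S2K extension, but it does not say which GnuTLS version is the minimum or what the user sees when that happens. Please name the required version (or link to the upstream change) and describe the failure message, and restate that the limitation from the preceding context still applies: this only works when the authentication key is a subkey, not a primary key.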