X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fbugs%2Fhandle-passphrase-locked-secret-keys.mdwn;h=ae5bf7222e871a4b40f73e04f1f70824eaa8413d;hb=ec9ded739045d9532fbc4883bbeb37f7aa940ac6;hp=a61b5ba369317eb8a367007fa96cd3f87f0e7dd8;hpb=5c1046f14ff2e1efda332aa07747661abca0b98f;p=monkeysphere.git diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index a61b5ba..ae5bf72 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -36,11 +36,20 @@ work for reasonable values of `$KEYID`: mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" - ssh-agent "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & - gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" + ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & + gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" \ + --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ + --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" & (cd "$TMPDIR" && ssh-add -c "$kname") rm -rf "$TMPDIR" +Good news! [I've crafted a patch for GnuTLS to enable it to read +exported subkeys using this GNU +extension](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html), +so if we can get it incorporated into upstream (and/or into debian), +we have a possible solution, as long as the authentication key is a +subkey, and not a primary key. + --------- Ben Laurie and Rachel Willmer's
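Review bot: the trailing `&` added after `openpgp2ssh "$KEYID" > "$TMPDIR/$kname"` puts the export pipeline in the background, so nothing in the hunk checks whether the export succeeded before `rm -rf "$TMPDIR"` runs. If the ssh-askpass prompt is cancelled or the passphrase is wrong, ssh-add is left reading an empty or invalid stream from the "$TMPDIR/$kname" FIFO, and the script carries on to the cleanup with no error of its own. Suggest testing the exit status of `(cd "$TMPDIR" && ssh-add -c "$kname")` and reporting a failure, and adding a `wait` before the `rm -rf` so both background jobs (ssh-askpass and the gpg pipeline) have exited before the FIFOs they use are removed.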