X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fbugs%2Fhandle-passphrase-locked-secret-keys.mdwn;h=b58650ebae088a6633425346ca2ba57ebdb24a2c;hb=802c21de824309c1e704f172b12bf46bf5d86e7c;hp=ae5bf7222e871a4b40f73e04f1f70824eaa8413d;hpb=74a7b27673d1b7a19c6877a89c8651886c9abfe6;p=monkeysphere.git diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index ae5bf72..b58650e 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -1,4 +1,4 @@ -[[meta title="MonkeySphere needs to be able to cleanly export passphrase-locked secret keys from the GPG keyring"]] +[[meta title="MonkeySphere can't deal with passphrase-locked primary keys"]] At the moment, the only tool we have to export passphrase-locked secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which @@ -32,7 +32,7 @@ primary key, then something like the following script should actually work for reasonable values of `$KEYID`: TMPDIR=$(mktemp -d) - uname 077 + umask 077 mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" @@ -50,6 +50,10 @@ so if we can get it incorporated into upstream (and/or into debian), we have a possible solution, as long as the authentication key is a subkey, and not a primary key. +As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements +this particular strategy (and fails cleanly if the version of GnuTLS +present doesn't support the GNU dummy S2K extension). + --------- Ben Laurie and Rachel Willmer's 
@@ -90,3 +94,24 @@ Concerns: --------- Other alternatives? + +-------- + +Can this bug be closed? dkg [reported in a comment for a related +bug](/bugs/install-seckey2sshagent-in-usr-bin/): + + Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent + subcommand, which works cleanly in the presence of a + functionally-patched GnuTLS. + +-------- + +Even with the patched GnuTLS, monkeysphere currently can't currently +deal with passphrase-locked primary keys. I've changed the title of +this bug, but i'd like to keep it open until we are able to deal with +that. The other comments here seem still quite relevant to that +need. + +I've changed the title of this bug to reflect the narrowed scope. + + --dkg
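Review bot: In the title hunk (`@@ -1,4 +1,4 @@`), the new title narrows the bug to passphrase-locked primary keys, but the unchanged first sentence right below it still frames the problem as exporting passphrase-locked secret keys in general. A one-line status note under the title, saying that the subkey case is handled and only primary keys remain, would keep a reader from taking the whole page as still open.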
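Review bot: In the script hunk (`@@ -32,7 +32,7 @@`), nothing checks that `mktemp -d` succeeded before `mkfifo "$TMPDIR/passphrase"` runs. If it fails, `$TMPDIR` is empty and the passphrase FIFO path becomes `/passphrase`. Suggest `TMPDIR=$(mktemp -d) || exit 1`. Assigning to `TMPDIR` also overrides the variable that `mktemp` and other tools consult for their temporary location, so a different name (for example `WORKDIR`) would be safer. The `umask 077` correction itself is right: with `uname 077` the mask was never set, so the mode of the two FIFOs depended on the caller's umask.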
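Review bot: In the `@@ -50,6 +50,10 @@` hunk, the added paragraph says `monkeysphere subkey-to-ssh-agent` fails cleanly when GnuTLS lacks the GNU dummy S2K extension, but it does not tell the reader how to get a GnuTLS that has it. The sentence just above still reads as if the patch is pending ("if we can get it incorporated into upstream"). Suggest stating the current status of the patch or linking to it, and saying what the clean failure looks like so users can recognise it.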
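Review bot: In the last hunk (`@@ -90,3 +94,24 @@`), the second added comment has a doubled word in "currently can't currently deal" and states the title change twice, once mid-paragraph and again in the closing "I've changed the title of this bug to reflect the narrowed scope." Suggest dropping one "currently" and keeping only the closing sentence. The two new separators are 8 dashes where the existing one in the context (`---------`) is 9, and the first comment ("Can this bug be closed?") is unsigned while the second is signed `--dkg`.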