work for reasonable values of `$KEYID`:
TMPDIR=$(mktemp -d)
- uname 077
+ umask 077
mkfifo "$TMPDIR/passphrase"
kname="MonkeySphere Key $KEYID"
mkfifo "$TMPDIR/$kname"
- ssh-agent "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" &
- gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname"
+ ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" &
+ gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" \
+ --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
+ --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" &
(cd "$TMPDIR" && ssh-add -c "$kname")
rm -rf "$TMPDIR"
+Good news! [I've crafted a patch for GnuTLS to enable it to read
+exported subkeys using this GNU
+extension](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html),
+so if we can get it incorporated into upstream (and/or into debian),
+we have a possible solution, as long as the authentication key is a
+subkey, and not a primary key.
+
+As of version 0.11-1, `monkeysphere subkey-to-ssh-agent` implements
+this particular strategy (and fails cleanly if the version of GnuTLS
+present doesn't support the GNU dummy S2K extension).
+
---------
Ben Laurie and Rachel Willmer's
projects / monkeysphere.git / blobdiff