agent-transfer man page

agent-transfer — copy a secret key from gpg-agent to ssh-agent

Synopsis

agent-transfer [options] KEYGRIP [COMMENT]

Description

agent-transfer extracts a secret key from a modern version of the GnuPG agent and sends it to the running SSH agent.  This is useful for people whose keys are managed long-term by GnuPG's gpg-agent, but who prefer the semantics of OpenSSH's ssh-agent for regular use.

agent-transfer was written as part of the monkeysphere project.

The KEYGRIP should be specified as a sequence of 20 hexadecimal characters.  If you aren't sure of the keygrip, you can inspect the output of:

       gpg --with-keygrip --list-secret-keys

The COMMENT is optional, and will be stored alongside the key in ssh-agent.  It must not start with a -, to avoid being mistaken for an option.

Options

agent-transfer also accepts options that would normally be passed to ssh-add(1) to constrain the use of the transferred key:

-c

Indicates that added identities should be subject to confirmation before being used for authentication.

-t SECONDS

Indicates that the key should have a lifetime of SECONDS in the running ssh-agent.
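
Added example, not part of the original man page or the monkeysphere project: a shell sketch that picks the authentication-capable key out of gpg's machine-readable listing and builds an agent-transfer command constrained with -c and -t.  It assumes gpg's --with-colons output (keygrip in field 10 of "grp" records, capabilities in field 12 of "sec"/"ssb" records); the sample listing, the function names, the 3600-second lifetime and the comment string are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the monkeysphere project).

# Constructed stand-in for the output of:
#   gpg --with-colons --with-keygrip --list-secret-keys
# All key IDs, fingerprints and keygrips here are made up.
sample_listing() {
cat <<'EOF'
sec:u:3072:1:1111111111111111:1460000000:::u:::scESCA:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1460000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:3072:1:2222222222222222:1460000000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
ssb:u:3072:1:3333333333333333:1460000000::::::a:::+:::23:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:
grp:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Emit the keygrip of every key whose own capabilities (field 12) include
# lowercase "a". Uppercase "A" on the primary only summarises its subkeys,
# so the primary key above must not be selected.
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Read keygrips on stdin and print one constrained agent-transfer command
# each: -c asks for confirmation on use, -t caps the lifetime in seconds.
# The 3600 default and the comment string are assumptions of this example.
transfer_cmds() {
    lifetime=${1:-3600}
    while read -r grip; do
        printf 'agent-transfer -c -t %s %s from-gpg-agent\n' "$lifetime" "$grip"
    done
}

# Dry run: print the commands instead of executing them.
sample_listing | auth_keygrips | transfer_cmds 3600
```

To use it against real keys, replace sample_listing with the gpg command named in its comment and review the printed command before running it.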

Files

~/.gnupg/S.gpg-agent

The socket where gpg-agent is listening.  This is the "standard socket" for modern GnuPG.

Environment Variables

GNUPGHOME

The GnuPG home directory, where the standard socket for gpg-agent lives.  If this is not set, it is assumed to be ~/.gnupg.

SSH_AUTH_SOCK

Specifies the location where the running ssh-agent is present.

Several other environment variables are also passed in some form to the gpg-agent to help it figure out how to run a sensible pinentry, including GPG_TTY, TERM, DISPLAY, XAUTHORITY, GTK_IM_MODULE, DBUS_SESSION_BUS_ADDRESS, and LANG.

Author

Written by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

See Also

monkeysphere(7), ssh(1), ssh-add(1), ssh-agent(1), gpg(1), gpg-agent(1)

Info

May 2016 monkeysphere User Commands