* command-ssh.c (get_passphrase): Removed.

(ssh_identity_register): Partly rewritten.
(open_control_file, search_control_file, add_control_entry): New.
(ssh_handler_request_identities): Return only files listed in our
control file.

* findkey.c (unprotect): Check for allocation error.

* agent.h (opt): Add fields to record the startup terminal
settings.
* gpg-agent.c (main): Record them and do not force keep display
with --enable-ssh-support.
* command-ssh.c (start_command_handler_ssh): Use them here.

* gpg-agent.c: Renamed option --ssh-support to
--enable-ssh-support.

* command.c (cmd_readkey): New.
(register_commands): Register new command "READKEY".

* command-ssh.c (ssh_request_process): Improved logging.

* findkey.c (agent_write_private_key): Always use plain open.
Don't depend on an umask for permissions.
(agent_key_from_file): Factored file reading code out to ..
(read_key_file): .. new function.
(agent_public_key_from_file): New.

agent/keyformat.txt

@@ -31,8 +31,12 @@ Libgcrypt.  Here is an example of an unprotected file:
   (u #304559a..[some bytes not shown]..9b#)
  )
  (uri http://foo.bar x-foo:whatever_you_want)
+ (comment whatever)
 )
 
+"comment" and "uri" are optional.  "comment" is currently used to keep
+track of ssh key comments.
+
 Actually this form should not be used for regular purposes and only
 accepted by gpg-agent with the configuration option:
 --allow-non-canonical-key-format.  The regular way to represent the
@@ -62,6 +66,7 @@ A protected key is like this:
     (protected mode (parms) encrypted_octet_string)
    )
    (uri http://foo.bar x-foo:whatever_you_want)
+   (comment whatever)
 )  
 
 
@@ -134,6 +139,7 @@ to keys stored on a token:
     (shadowed protocol (info))
    )
    (uri http://foo.bar x-foo:whatever_you_want)
+   (comment whatever)
 )  
 
 The currently used protocol is "ti-v1" (token info version 1).  The