diff --git a/doc/ChangeLog b/doc/ChangeLog index 855c3ca38..fa61b0466 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2005-01-27 Moritz Schulte + + * gpg-agent.texi: Document ssh-agent emulation layer. + 2005-01-04 Werner Koch * gnupg.texi: Updated to use @copying. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 9d2cdfc46..01b4227c6 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -326,6 +326,37 @@ Ignore requests to change change the current @sc{tty} respective the X window system's @code{DISPLAY} variable. This is useful to lock the pinentry to pop up at the @sc{tty} or display you started the agent. +@item --ssh-support +@itemx --ssh-support +@opindex ssh-support +@opindex ssh + +Enable emulation of the OpenSSH Agent protocol. + +In this mode of operation, the agent does not only implement the +gpg-agent protocol, but also the agent protocol used by OpenSSH +(through a seperate socket). Consequently, it should possible to use +the gpg-agent as a drop-in replacement for the well known ssh-agent. + +SSH Keys, which are to be used through the agent, need to be added to +the gpg-agent initially through the ssh-add utility. When a key is +added, ssh-add will ask for the password of the provided key file and +send the unprotected key material to the agent; this causes the +gpg-agent to ask for a passphrase, which is to be used for encrypting +the newly received key and storing it in a gpg-agent specific +directory. + +Once, a key has been added to the gpg-agent this way, the gpg-agent +will be ready to use the key. + +Note: in case the gpg-agent receives a signature request, the user +might need to be prompted for a passphrased, which is necessary for +decrypting the stored key. Since the ssh-agent protocol does not +contain a mechanism for telling the agent on which display/terminal it +is running, gpg-agent's --ssh-support switch implies --keep-display +and --keep-tty. This strategy causes the gpg-agent to open a pinentry +on the display or on the terminal, on which it (the gpg-agent) was +started. @end table 
@@ -396,6 +427,9 @@ $ eval `gpg-agent --daemon` @node Agent Protocol @section Agent's Assuan Protocol +Note: this section does only document the protocol, which is used by +GnuPG components; it does not deal with the ssh-agent protocol. + The @command{gpg-agent} should be started by the login shell and set an environment variable to tell clients about the socket to be used. Clients should deny to access an agent with a socket name which does
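Review bot: in the gpg-agent.texi hunk for `--ssh-support`, the `@item --ssh-support` line is immediately followed by `@itemx --ssh-support`, which repeats the same option text, and `@opindex ssh` indexes an option name that the hunk never defines; either drop the `@itemx` and the second `@opindex` or put the intended alias there. Several spelling and grammar slips in the new paragraphs should be fixed before this goes in: "seperate socket" should read "separate socket", "it should possible to use" should read "it should be possible to use", "Once, a key has been added" should read "Once a key has been added", and "prompted for a passphrased" should read "prompted for a passphrase". As a documentation point, the text says ssh-add sends the unprotected key material to the agent and that the agent re-encrypts it under a new passphrase and stores it "in a gpg-agent specific directory"; since this is the one step where the cleartext key changes hands, readers would benefit from the text naming that directory and stating that the transfer happens over the agent's local socket, and from a sentence on how ssh clients are told about the separate socket the agent listens on, which the hunk does not cover.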
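Review bot: the added note in the "Agent's Assuan Protocol" section reads awkwardly: "this section does only document the protocol, which is used by GnuPG components" should read "this section only documents the protocol used by GnuPG components". It would also help to point the reader to the `--ssh-support` option description added earlier in this patch, since that is the only place the ssh-agent emulation is documented.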