agent-transfer - copy a secret key from gpg-agent to ssh-agent
agent-transfer [options] KEYGRIP [COMMENT]
extracts a secret key from a modern version of GnuPG agent
and sends it to the running SSH agent. This is useful for people whose keys
are managed in the long-term by GnuPG's gpg-agent, but who prefer the
semantics of OpenSSH's ssh-agent for regular use.
was written as part of the monkeysphere project.
should be specified as a sequence of 20 hexadecimal
characters. If you aren't sure of the keygrip, you can inspect the output of:
gpg --with-keygrip --list-secret-keys
is optional, and will be stored alongside the key in
ssh-agent. It must not start with a -, to avoid being mistaken for an option.
also accepts options that would normally be passed to
(1) to constrain the use of the transferred key:
- Indicates that added identities should be subject to
confirmation before being used for authentication.
- -t SECONDS
- Indicates that the key should have a lifetime of SECONDS in
the running ssh-agent.
- The socket where gpg-agent is listening. This is the
"standard socket" for modern GnuPG.
- The GnuPG home directory, where the standard socket for
gpg-agent lives. If this is not set, it is assumed to be ~/.gnupg.
- Specifies the location where the running ssh-agent is
Several other environment variables are also passed in some form to the
gpg-agent to help it figure out how to run a sensible pinentry, including
GPG_TTY, TERM, DISPLAY, XAUTHORITY, GTK_IM_MODULE, DBUS_SESSION_BUS_ADDRESS,
Written by: Daniel Kahn Gillmor <firstname.lastname@example.org>