Mark Atwood (fallenpegasus) wrote,

X-PGP-Sig header, and thoughts on key agent daemons

So yesterday I tweaked my emacs and gnus configuration so that it generates an X-PGP-Sig header on outgoing messages. Now all my outgoing emails and netnews posts are unobtrusively signed. (My GPG key is here on the keyserver networks.)

In the process of doing that, I also ended up finally reading the docs for gpg-agent and ssh-agent. They are pretty neat, but I'm annoyed by a couple of crying lacks.

  • The developers of gpg-agent and ssh-agent ought to get together and converge on a common protocol, or even better, just merge and unify the tool. And hook up with the OpenSSL people.
  • The ssh-agent and the gpg-agent ought to work hand in hand with the Gnome keyring and with the KDE keyring.
  • ssh and gpg should demand-load keys into their agents. That is, instead of having to run ssh-add or gpg-agent-add prior to using the keys, whenever ssh or gpg decrypts and uses a local private key, it ought to then just load it into the agent for next time.
  • There is a pam_ssh module, but not an equivalent pam_gpg module.
Tags: crypto, emacs, geek, gnus, gpg, pgp, ssh