In the process of doing that, I also ended up finally reading the docs for gpg-agent and ssh-agent. They are pretty neat, but I'm annoyed by a couple of crying lacks.
- The developers of gpg-agent and ssh-agent ought to get together and converge on a common protocol, or even better, just merge and unify the tools. And hook up with the OpenSSL people.
- The ssh-agent and the gpg-agent ought to work hand in hand with the GNOME keyring and with the KDE keyring.
- ssh and gpg should demand-load keys into their agents. That is, instead of having to run ssh-add or gpg-agent-add prior to using the keys, whenever ssh or gpg decrypt and use a local private key, they ought to then just load it into the agent for next time.
- There is a pam_ssh module, but not an equivalent pam_gpg module.