2.6 Agent’s Assuan Protocol

Note: this section does only document the protocol, which is used by GnuPG components; it does not deal with the ssh-agent protocol. To see the full specification of each command, use

  gpg-connect-agent 'help COMMAND' /bye

or just ’help’ to list all available commands.

The gpg-agent daemon is started on demand by the GnuPG components.

To identify a key we use a thing called keygrip which is the SHA-1 hash of an canonical encoded S-Expression of the public key as used in Libgcrypt. For the purpose of this interface the keygrip is given as a hex string. The advantage of using this and not the hash of a certificate is that it will be possible to use the same keypair for different protocols, thereby saving space on the token used to keep the secret keys.

The gpg-agent may send status messages during a command or when returning from a command to inform a client about the progress or result of an operation. For example, the INQUIRE_MAXLEN status message may be sent during a server inquire to inform the client of the maximum usable length of the inquired data (which should not be exceeded).