Previous: Agent Examples, Up: Invoking GPG-AGENT [Contents][Index]
Note: this section documents only the protocol used by GnuPG components; it does not deal with the ssh-agent protocol.
The gpg-agent should be started by the login shell and set an environment variable to tell clients about the socket to be used. Clients should refuse to access an agent whose socket name does not match their own configuration. An application may choose to start an instance of gpg-agent if it cannot determine that one has been started; it should not do this if a gpg-agent is running but not usable. Because gpg-agent can only be used in background mode, no special command line option is required to activate the use of the protocol.
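The socket-name check described above could be done on the client side as follows. This is an added example, not GnuPG's own code; it assumes the environment variable carries a `GPG_AGENT_INFO`-style value of the form `path:pid:1` (the page does not name the variable), and the function names and the extra ownership check are choices made for this illustration.

```python
import os
import stat


class AgentSocketRejected(Exception):
    """Raised when the advertised agent socket must not be used."""


def parse_agent_info(value):
    """Split 'path:pid:protocol' into (path, pid); reject anything else."""
    parts = value.rsplit(":", 2)
    if len(parts) != 3 or not parts[0] or not parts[1].isdigit() or parts[2] != "1":
        raise AgentSocketRejected("malformed agent info: %r" % (value,))
    return parts[0], int(parts[1])


def check_agent_socket(advertised, configured):
    """Return the socket path to connect to, or raise AgentSocketRejected.

    advertised: value taken from the environment (untrusted).
    configured: socket path from the client's own configuration.
    """
    sock_path, _pid = parse_agent_info(advertised)
    real = os.path.realpath(sock_path)
    # Core rule from the text: the names must match the client's configuration.
    if real != os.path.realpath(configured):
        raise AgentSocketRejected("socket name does not match configuration")
    try:
        st = os.stat(real)
    except OSError as exc:
        raise AgentSocketRejected("cannot stat socket: %s" % exc)
    # Extra hardening (assumption, not stated on the page): must be a
    # socket owned by the calling user.
    if not stat.S_ISSOCK(st.st_mode):
        raise AgentSocketRejected("path is not a socket")
    if st.st_uid != os.getuid():
        raise AgentSocketRejected("socket is owned by another user")
    return real


if __name__ == "__main__":
    # Constructed sample value; the path will normally not exist here.
    try:
        print(check_agent_socket("/tmp/example/S.gpg-agent:4242:1",
                                 "/tmp/example/S.gpg-agent"))
    except AgentSocketRejected as exc:
        print("refusing to use agent:", exc)
```

A rejection here means the agent is treated as not usable; per the text above, the client should then not start a second agent on its own.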
To identify a key we use a keygrip, which is the SHA-1 hash of a canonically encoded S-expression of the public key as used in Libgcrypt. For the purpose of this interface the keygrip is given as a hex string. The advantage of using this and not the hash of a certificate is that it will be possible to use the same keypair for different protocols, thereby saving space on the token used to keep the secret keys.
• Agent PKDECRYPT: Decrypting a session key
• Agent PKSIGN: Signing a Hash
• Agent GENKEY: Generating a Key
• Agent IMPORT: Importing a Secret Key
• Agent EXPORT: Exporting a Secret Key
• Agent ISTRUSTED: Importing a Root Certificate
• Agent GET_PASSPHRASE: Ask for a passphrase
• Agent CLEAR_PASSPHRASE: Expire a cached passphrase
• Agent GET_CONFIRMATION: Ask for confirmation
• Agent HAVEKEY: Check whether a key is available
• Agent LEARN: Register a smartcard
• Agent PASSWD: Change a Passphrase
• Agent UPDATESTARTUPTTY: Change the Standard Display
• Agent GETEVENTCOUNTER: Get the Event Counters
• Agent GETINFO: Return information about the process
• Agent OPTION: Set options for the session