openpgp-card-ssh-agent
A standalone SSH Agent for use with OpenPGP cards.
https://crates.io/crates/openpgp-card-ssh-agent
This SSH Agent tool aims for a simple and enjoyable UX (including desktop notifications for touch confirmation).
It serves the same purpose as the ssh agent feature in the gpg-agent tool. However, this tool always uses pcscd to access cards (and never locks them for exclusive use).
See the project documentation above to learn about setting up and using openpgp-card-ssh-agent.
Notification when touch confirmation is required
Some OpenPGP card devices can be configured to require physical confirmation on the device (e.g. by touching a surface of the device with a finger) to allow a cryptographic operation (such as authenticating to a remote host for ssh access).
This crate notifies the user on the desktop when “touch confirmation” is required on an OpenPGP card.
(The multi-platform notify-rust library makes notifications available on all major platforms.)
User PIN handling
OpenPGP card devices require presentation of a “User PIN” to allow performing cryptographic operations on them. openpgp-card-ssh-agent performs this PIN presentation on behalf of the user.
The suggested method for User PIN handling with openpgp-card-ssh-agent is to manage the PIN with one of the supported mechanisms in openpgp-card-state.
The openpgp-card-state page offers more context and discussion of the options and their tradeoffs.