
Not having gpg-agent is a huge deal breaker for me. I feel gpg-agent doesn't get enough love. Not only can it do all the ssh-agent operations, it can also be used with gpgme-json[1] to do web authentication with your [A] key. It's truly a shame that hardly any applications leverage the powerful cryptography afforded by GPG.

[1]: https://manpages.debian.org/trixie/gpgme-json/gpgme-json.1.e...


I knew about gpgme-json, but I didn't know you could do web auth with that. I thought the use case was mainly mailvelope. How does that work?

I want to know as well. I just read the gpgme-json page posted, but it doesn't include anything about WebAuthn (aka passkeys).

Can you use GPG-agent for non-resident passkey challenges?

I also have a Yubikey set up, but haven't thought of this.

> Not only can it do all the ssh-agent operations

It can not. Doesn't work with PKCS#11 PIV. In general GPG's behavior with SmartCards is idiotic and interferes with many other applications.

It's good that people don't use GPG more often and I can just purge it from my systems.

What do you mean? I use GPG with SSH (or SSH with GPG) all the time, and I need gpg-agent for that. GPG's agent replaces ssh-agent and serves SSH keys derived from your GPG key.

Can you do this with Age? If not, then I am going to stick to GPG.

I'm unsure what was unclear. It simply does not provide PIV support and it interferes with other software that wants to utilise SmartCards.

Can Age interfere with all SmartCard usage? No clue.

Oh well, let us just agree that comparing Age to GPG is silly, ergo "Switching from GPG to Age" is silly, unless it is "Switching from GPG to Age for file encryption".

Age doesn't do signing, key infrastructure, or email. Minisign/signify only sign. None are GPG replacements. They're partial feature subsets that are simpler because they do less.

So, to summarize these tools:

- Age: Only does file encryption, no signing, no key management infrastructure, no email integration

- Minisign/Signify: Only signing, no encryption

- GPG: Encryption, signing, key management, email integration, multiple recipients, subkeys, revocation certificates, web of trust (even if unused), smart card support, etc.

You cannot just simply switch from GPG to Age unless you are only doing file encryption. If this is the case, then sure, you can.
