Problem: Lost the private key file ~/.ssh/id_rsa, but could still connect to remote hosts via pubkey auth: gpg-agent, acting as the SSH agent, still had the private key. When ssh-add hands a key to gpg-agent, the agent does not merely cache it in memory, it stores it (passphrase-protected) in its own key store, ~/.gnupg/private-keys-v1.d/. How to get the private key back out?
Solution: Use gpg-protect-tool (invoked through gpgsm --call-protect-tool) to export the stored key as PKCS#12. You need to know the key's passphrase, of course. The file in private-keys-v1.d is named after the key's keygrip:
gpgsm --call-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/your-keyfile.key >key.p12
Now you have a PKCS#12 file and you can extract the private key like this:
openssl pkcs12 -in key.p12 -out privkey.pem
openssl asks for the PKCS#12 import password and then for a new PEM passphrase to protect the output; add -nodes if you want the PEM written unencrypted and -nocerts to skip the (empty) certificate section. With OpenSSL 3 you may also need -legacy if it rejects the old PBE algorithms in the PKCS#12. And there is your extracted private key.
Caveat: finding the right key file. The usual way to look up a keygrip,
gpg --list-secret-keys --with-keygrip
will not list keys that ended up in the agent via ssh-add, because those are not OpenPGP keys. I.e. for some of the keys found with
gpg-connect-agent <<<"keyinfo --ssh-list"
that listing is no help; the keygrips of ssh-added keys are instead recorded in ~/.gnupg/sshcontrol, and keyinfo --ssh-list prints them directly. Also, if the key added to the agent has a comment field, gpgsm completely chokes on it. I mentioned it on IRC and dkg reported it on my behalf: https://dev.gnupg.org/T4892
Let's see what comes out of it.
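Putting the two halves together (the protect-tool export from the solution and the keygrip-listing caveat), here is an added example script that is not part of the original post: it asks gpg-agent for the keygrips it serves to ssh, exports each on-disk key file with gpgsm --call-protect-tool and unpacks it with openssl. The naming ~/.gnupg/private-keys-v1.d/<keygrip>.key, the "run" argument that guards the agent calls, and the KEYINFO sample lines used to test the parser are my own assumptions and constructions, not from the post.

```shell
#!/bin/sh
# Added example, not from the original post: recover every on-disk key that
# gpg-agent serves to ssh. Assumptions (mine): key files live in
# $GNUPGHOME/private-keys-v1.d/<KEYGRIP>.key; gpgsm, openssl and ssh-keygen
# are on PATH.
set -eu

GNUPGHOME="${GNUPGHOME:-${HOME:-.}/.gnupg}"

# Read gpg-connect-agent output on stdin and print the keygrips of keys stored
# on disk. Status lines look like (constructed sample, field order per the
# agent's KEYINFO help):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# Type 'D' is an on-disk key; 'T' is a smartcard key, which has no file to
# export and is skipped.
ssh_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" && $4 == "D" \
         && length($3) == 40 && $3 ~ /^[0-9A-F]+$/ { print $3 }'
}

# Path of the agent's key file for a keygrip (assumed naming, see above).
key_file() {
    printf '%s/private-keys-v1.d/%s.key\n' "$GNUPGHOME" "$1"
}

# Export one keygrip to a PEM private key. protect-tool writes a PKCS#12 blob
# (it asks for the key's passphrase); openssl unpacks it. -nocerts drops the
# empty certificate section, -nodes leaves the PEM unencrypted so ssh can read
# it directly; remove -nodes to get a passphrase-protected PEM instead. If
# OpenSSL 3 rejects the PKCS#12's old PBE algorithms, add -legacy.
recover_key() {
    grip="$1"
    out="${2:-$grip.pem}"
    src="$(key_file "$grip")"
    [ -r "$src" ] || { echo "no key file for $grip at $src" >&2; return 1; }
    umask 077                       # private key material: owner-only files
    gpgsm --call-protect-tool --p12-export "$src" > "$grip.p12"
    openssl pkcs12 -in "$grip.p12" -nocerts -nodes -out "$out"
    rm -f "$grip.p12"
    # Sanity check: ssh-keygen must be able to derive the public key from it.
    ssh-keygen -y -f "$out" > /dev/null
    echo "$out"
}

# Ask the running gpg-agent which keys it offers to ssh and recover each one.
main() {
    gpg-connect-agent 'keyinfo --ssh-list' /bye | ssh_keygrips |
    while read -r grip; do
        recover_key "$grip"
    done
}

# Only talk to the agent when explicitly asked ("sh recover-ssh-keys.sh run"),
# so the functions above can also be sourced and used one at a time.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as sh recover-ssh-keys.sh run in a directory you are happy to have plaintext keys in; it writes one <keygrip>.pem per on-disk key and prints each path. A key whose export fails (for example one hit by the comment-field problem tracked in T4892) stops the script because of set -e, so you see the gpgsm error rather than a silently missing file.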