[pkg-gnupg-maint] Bug#795636: gnupg-agent: adding 384-bit ECDSA key puts wrong fingerprint in sshcontrol

brian m. carlson sandals at crustytoothpaste.net
Sat Aug 15 21:45:09 UTC 2015


Package: gnupg-agent
Version: 2.1.7-1
Severity: minor

I added the following ECDSA SSH key earlier today (with GnuPG 2.1.6).
gpg-agent added it to sshcontrol with an incorrect MD5 fingerprint:

  ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIcIk0jxxbWcr5s6TK2CNnH8qJRfnSe7pWCHohPnIOKqDMqPJcEDjntMXukXjpnzMVv/ToBvMqCK49uztCzPUiF0kIBhziVvyGkZqrUrJd2BD2wedrpCTfY//dA9viKLrQ== bmc at vauxhall

  # ECDSA key added on: 2015-08-15 20:51:39
  # MD5 Fingerprint:  bf:b2:5c:1e:be:8a:63:74:19:50:bf:23:21:3c:ff:5e
  0D3ADB5BC29D85ECCA7397095962CB389A1C734D 0

Considering the simplicity of the algorithm[0], I'm not sure why this is
broken, but it does appear to be.  This is confusing, but otherwise
purely aesthetic.  The key functions correctly and can be used normally.

(Once OpenSSH 7.0 hits unstable, you might consider putting the SHA-256
fingerprint in instead, but that's another bug report.)

[0]
  vauxhall ok % awk '{print $2}' .ssh/id_ecdsa.pub | base64 -d | md5sum -
  c96109c1843bfc555c87130444345439  -
  vauxhall ok % ssh-add -l | grep ecdsa
  384 c9:61:09:c1:84:3b:fc:55:5c:87:13:04:44:34:54:39 /home/bmc/.ssh/id_ecdsa (ECDSA)

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_US.UTF-8, LC_CTYPE=es_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg-agent depends on:
ii  libassuan0                  2.2.1-1
ii  libc6                       2.19-19
ii  libgcrypt20                 1.6.3-2
ii  libgpg-error0               1.19-2
ii  libnpth0                    1.2-1
ii  libreadline6                6.3-8+b3
ii  pinentry-curses [pinentry]  0.9.5-4
ii  pinentry-gnome3 [pinentry]  0.9.5-4
ii  pinentry-gtk2 [pinentry]    0.9.5-4

Versions of packages gnupg-agent recommends:
ii  gnupg   1.4.19-3
ii  gnupg2  2.1.7-1

gnupg-agent suggests no packages.

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
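
The check from footnote [0], as an added example that is not part of the original report or of GnuPG: it decodes the key line quoted in the report, validates the SSH wire format against the declared key type and curve, and compares the blob's MD5 with the fingerprint recorded in sshcontrol. It also derives the SHA-256 form the report mentions; the function and constant names are assumptions of this example.

```python
import base64
import hashlib
import struct

# Uncompressed point = 0x04 || X || Y, each coordinate ceil(bits/8) bytes.
CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}

def read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then data."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def fingerprints(pub_line):
    """Parse an authorized_keys-style line; return type, bits, fingerprints."""
    declared, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != declared.encode():
        raise ValueError("key type inside blob differs from line prefix")
    bits = None
    if declared.startswith("ecdsa-sha2-"):
        curve, off = read_string(blob, off)
        point, off = read_string(blob, off)
        bits = CURVE_BITS.get(curve.decode(), 0)  # 0 fails the length check
        if point[:1] != b"\x04" or len(point) != 1 + 2 * ((bits + 7) // 8):
            raise ValueError("EC point does not fit the named curve")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": declared, "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_recorded(pub_line, recorded_md5):
    """True if a fingerprint recorded elsewhere matches the key blob's MD5."""
    return fingerprints(pub_line)["md5"] == recorded_md5.strip().lower()

# Key line and sshcontrol fingerprint as they appear in the report above.
PUB_LINE = ("ecdsa-sha2-nistp384 "
            "AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIcIk0jx"
            "xbWcr5s6TK2CNnH8qJRfnSe7pWCHohPnIOKqDMqPJcEDjntMXukXjpnzMVv/"
            "ToBvMqCK49uztCzPUiF0kIBhziVvyGkZqrUrJd2BD2wedrpCTfY//dA9viKL"
            "rQ== bmc at vauxhall")
RECORDED_MD5 = "bf:b2:5c:1e:be:8a:63:74:19:50:bf:23:21:3c:ff:5e"

if __name__ == "__main__":
    print(fingerprints(PUB_LINE), matches_recorded(PUB_LINE, RECORDED_MD5))
```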