[pkg-gnupg-maint] Bug#798956: Bug#798956: ssh-agent support broken in 2.1.8

NIIBE Yutaka gniibe at fsij.org
Wed Oct 14 00:55:26 UTC 2015


On 09/14/2015 10:27 PM, Yuri D'Elia wrote:
> ssh-agent support seems to be broken in 2.1.8.
> which seems to be just one byte longer than 2.1.8.

I think that you are using ed25519 key.

It is fixed in 2.1.9, but you need to remove corresponding private key
at first and to register your SSH-key again.

You can identify your private key by KEYINFO command of gpg-agent.

Here is how to examine.

    $ gpg-connect-agent "KEYINFO --ssh-list --ssh-fpr" /bye

You will get <KEYGRIP> string to identify the keygrip.  Your key is
stored in the file: .gnupg/private-keys-v1.d/<KEYGRIP>.key

Please remove the file, because it was stored in wrong format.

There were two bugs.

Once in the experimental phase of GnuPG, ed25519 keys were in
different format (without the prefix 0x40).  This has been changed and
released versions of GnuPG 2.1.x uses a format with the prefix 0x40.
Thus, when we generated ed25519 keys for authentication, it didn't
work with GnuPG 2.1.7 or earlier.  This bug was fixed in 2.1.8.

There were still another bug for registering SSH key.  It was
registered in wrong format (without the prefix 0x40), in GnuPG 2.1.8
or earlier.  This bug was fixed in 2.1.9.

Reference: https://bugs.gnupg.org/gnupg/issue2096

More information about the pkg-gnupg-maint mailing list