[pkg-gnupg-maint] Bug#846175: Bug#846175: gnupg-agent: Cannot use/delete ssh keys w/ empty passphrase
Werner Koch
wk at gnupg.org
Tue Nov 29 09:39:47 UTC 2016
On Tue, 29 Nov 2016 00:20, matthias at urlichs.de said:
> I can't delete them; "ssh-add -d path/to/file-pub" silently fails.
> So does "ssh-add -D".
gpg-agent does not support this because it stores the key in its own
database. As you may have noticed ssh-add is only required once to tell
gpg-agent about the key. The code to remove the identity has this
comment:
/* FIXME: What to do here - forgetting the passphrase or deleting
the key from key cache? */
Given that there is no easy way to know the origin of the key (it may
have been added by ssh-add or be for example a gpg subkey) I tend to
implement the latter (i.e. forgetting the passphrase).
> gpg-agent[6308]: failed to unprotect the secret key: No passphrase given
>
> Umm, yes a passphrase *was* asked for, and given; it just happens to be
> empty. So? This worked before updating my system to Testing yesterday.
Indeed there is a bug when adding an ssh-key w/o passphrase.
I filed gnupg bug
https://bugs.gnupg.org/gnupg/issue2856
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are governed by federal law.