Page MenuHome GnuPG

gpg-agent comments in sshcontrol for do not match ssh
Closed, ResolvedPublic

Description

over on https://bugs.debian.org/795636, brian m. carlson describes a scenario
where gpg-agent imports an ECDSA 384-bit NIST ssh key as ssh-agent, and writes
the wrong SSH md5 fingerprint into the comment in ~/.gnupg/sshcontrol.

I've tested this and can replicate it with 2.1.7, even though the fingerprints
produced for 1024-bit RSA and 256-bit NIST ECDSA and 521-bit NIST ECDSA are both
correct. 384-bit NIST ECDSA produces a bad fingerprint.

to replicate:

------------------

export GNUPGHOME=$(mktemp -d)
echo enable-ssh-support > $GNUPGHOME/gpg-agent.conf
gpgconf --launch gpg-agent
export SSH_AUTH_SOCK=$GNUPGHOME/S.gpg-agent.ssh
for x in 256 384 521; do

ssh-keygen -t ecdsa -N '' -b $x -f testkey$x
ssh-add testkey$x

done

cat $GNUPGHOME/sshcontrol
for x in 256 384 521; do

ssh-keygen -l -f testkey$x.pub

done

------------------

Details

Version
2.1.8

Event Timeline

dkg added projects: gnupg, Bug Report.
dkg added a subscriber: dkg.

This is still a problem with 2.1.8

dkg changed Version from 2.1.7 to 2.1.8.Sep 14 2015, 4:23 PM

With recent versions of OpenSSH, the default fingerprint shown is uses SHA256.
The fingerprints emitted in sshcontrol are MD5. You can get ssh-keygen -l to
produce comparable MD5 fingerprints with "-E md5".

Perhaps the generated sshcontrol should also include the base64-encoded SHA256
fingerprints as well, though?

That still doesn't explain why ecdsa 384 keys are mis-fingerprinted, though.

werner added a subscriber: werner.

I have not yet used that new ssh version. Will look into it soon to get the MD5
fingerprints replaced.

The MD5 bug has been fixed with commit 2167951:

  • gcry_md_write (md, "384\0\0\0\x08nistp521", 15);

+ gcry_md_write (md, "384\0\0\0\x08nistp384", 15);

See T2106 for the SHA-256 feature.

werner claimed this task.
werner removed a project: Restricted Project.