
ed25519 ssh key stop working
Closed, Resolved (Public)

Description

I use gpg-agent as my ssh agent. After I upgraded gnupg to version 2.1.8, I can't
use my ssh key (ed25519) to log in anymore. It was working in version 2.1.7.

This is the output of ssh-add -L
key_from_blob: invalid format

Details

Version
2.1.8

Event Timeline

nuimk set Version to 2.1.8.
nuimk added a subscriber: nuimk.

That is interesting.
Which version of Libgcrypt are you using? (gpg --version shows it)

When did you create your GPG key of ed25519?
Or... did you register your SSH key by ssh-add?
If so, gnupg/agent/command-ssh.c:2147 doesn't add prefix 0x40.
That's the problem.
Sorry, that's my badness. I didn't look through this code path.

If you can binary-edit, please add
prefix @ (0x40) to the public key in the *.key file.
There is the sequence like:

...(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32...

This should be changed to:

      ...(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33@...

Sorry for your inconvenience.
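The check behind the manual edit described above, as an added example that is not part of the original thread or of GnuPG's code: it parses a key in canonical S-expression form and reports whether the Ed25519 `q` value is 32 bytes (no prefix) or 33 bytes starting with 0x40. The function names and the sample key are constructed for illustration, and it assumes the file uses the canonical `<length>:<bytes>` encoding shown in the sequence above.

```python
def parse_sexp(data: bytes, pos: int = 0):
    """Parse one item of a canonical S-expression; return (value, next_pos)."""
    if data[pos:pos + 1] == b"(":
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b")":
            if pos >= len(data):
                raise ValueError("unterminated list")
            item, pos = parse_sexp(data, pos)
            items.append(item)
        return items, pos + 1
    # Atoms are <decimal length>:<bytes>, so a prefix byte belongs after the colon.
    colon = data.index(b":", pos)
    digits = data[pos:colon]
    if not digits.isdigit():
        raise ValueError(f"bad length field {digits!r} at offset {pos}")
    start, end = colon + 1, colon + 1 + int(digits)
    if end > len(data):
        raise ValueError("atom runs past end of data")
    return data[start:end], end

def find_param(tree, name: bytes):
    """Depth-first search for a two-element list (name value)."""
    if not isinstance(tree, list):
        return None
    if len(tree) == 2 and tree[0] == name and isinstance(tree[1], bytes):
        return tree[1]
    for child in tree:
        found = find_param(child, name)
        if found is not None:
            return found
    return None

def classify_q(key_sexp: bytes) -> str:
    """Report whether q carries the 0x40 ('@') prefix discussed in the thread."""
    tree, _ = parse_sexp(key_sexp)
    q = find_param(tree, b"q")
    if q is None:
        return "no-q"
    if len(q) == 33 and q[0] == 0x40:
        return "prefixed"
    return "missing-prefix" if len(q) == 32 else "unexpected"

# Constructed sample data, not a real key.
POINT, SECRET = bytes(range(32)), bytes(32)

def build_key(q: bytes) -> bytes:
    return (b"(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)"
            b"(1:q%d:%b)(1:d32:%b)))" % (len(q), q, SECRET))
```

Because the length field is decimal digits terminated by a colon, the parser rejects any edit that leaves a non-digit byte before the colon.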

> Which version of Libgcrypt are you using? (gpg --version shows it)

libgcrypt-config --version
1.6.4

> When did you create your GPG key of ed25519?
> Or... did you register your SSH key by ssh-add?

The ssh key was generated by "ssh-keygen -t ed25519" and added by ssh-add.

> If you can binary-edit, please add
> prefix @ (0x40) to the public key in the *.key file.

I changed from:

(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:..

to:

  (3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33@:..

then ran 'ssh-add -L', and got:
The agent has no identities.

It doesn't seem to work for me. By the way, I switched to version 2.1.7, which
doesn't have this problem.

This has been fixed in the repo (7d5999f). AFAICS, you need to ssh-add the key
again.

It has been fixed. However, because the keygrip is the same (before the fix and
after the fix), ssh-add doesn't update the file.
A user needs to remove the file first.
I'm not sure what to suggest here.
Perhaps, getting the keygrip by 'gpg-connect-agent "keyinfo --ssh-list" /bye',
and then removing the file,
then ssh-add again.

If it's Bash, it is like:

$ rm -i ~/.gnupg/private-keys-v1.d/$(gpg-connect-agent "KEYINFO --ssh-list" /bye | awk '{print $3}').key

Thanks. I'm very happy with gnupg 2.1.
