
gpg --export-ssh-key does not work for primary keys marked as authentication-capable
Closed, Resolved, Public

Description

Consider the following OpenPGP certificate where the primary key is marked as
authentication-capable:

pub   rsa2048 2016-11-21 [CA]
      E512530B7EFE8A80394B6A7A745D2BF10DE373B5
uid           [ full ] ssh://viewsic.mayfirst.org

0 dkg@alice:~$ gpg --export-ssh-key =ssh://viewsic.mayfirst.org
gpg: key "=ssh://viewsic.mayfirst.org" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
2 dkg@alice:~$

What's unusable about this public key? It's 2048-bit RSA, and it's marked
authentication-capable.

I can get around this by specifying the full fingerprint with a trailing ! but
that shouldn't be necessary since the primary key appears to already have the
authentication key usage flag set.

Details

Version
2.1.18

Event Timeline

dkg set Version to 2.1.18.

Done with commit b456e5be

gpg: Make --export-ssh-key work for the primary key.

* g10/export.c (export_ssh_key): Also check the primary key.
--

If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one.  Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.

Also added a sample key for testing this.
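
A small model of the selection order the commit message describes, as an added example (not GnuPG's code from g10/export.c): it reads `gpg --with-colons` style records and picks the key to export, with the pre-fix behaviour available through a flag. The function names, the sample listing (apart from the fingerprint shown in the report), the first-match rule among subkeys and the validity letters treated as unusable are assumptions.

```python
# Constructed listing in `gpg --with-colons` layout for the certificate above.
# Field 2 is validity, field 12 capabilities, field 10 of `fpr` the fingerprint.
PRIMARY_FPR = "E512530B7EFE8A80394B6A7A745D2BF10DE373B5"
SUB_FPR = "0" * 39 + "1"  # made-up subkey fingerprint
PRIMARY_ONLY = (
    "pub:f:2048:1:745D2BF10DE373B5:1479686400::::::caCA:\n"
    f"fpr:::::::::{PRIMARY_FPR}:\n"
)

def with_subkey(validity):
    """Same certificate plus a made-up authentication subkey."""
    return (PRIMARY_ONLY
            + f"sub:{validity}:256:22:0000000000000001:1479686400::::::a:\n"
            + f"fpr:::::::::{SUB_FPR}:\n")

UNUSABLE = set("ider")  # invalid, disabled, expired, revoked (assumed filter)

def parse_keys(listing):
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append({"type": f[0], "validity": f[1], "caps": f[11], "fpr": None})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]
    return keys

def suitable(key):
    # Lowercase "a" is this key's own authentication flag. Uppercase letters on
    # a pub record describe the whole certificate and are not considered.
    return "a" in key["caps"] and key["validity"] not in UNUSABLE

def select_ssh_key(listing, check_primary=True):
    """Return the fingerprint to export, or None ("Unusable public key")."""
    keys = parse_keys(listing)
    for key in keys:                      # subkeys are tried first
        if key["type"] == "sub" and suitable(key):
            return key["fpr"]
    if check_primary:                     # fallback described in the commit
        for key in keys:
            if key["type"] == "pub" and suitable(key):
                return key["fpr"]
    return None

if __name__ == "__main__":
    print("before fix:", select_ssh_key(PRIMARY_ONLY, check_primary=False))
    print("after fix: ", select_ssh_key(PRIMARY_ONLY))
```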