gpg --export-ssh-key does not work for primary keys marked as authentication-capable
Closed, Resolved (Public)


Consider the following OpenPGP certificate where the primary key is marked as

pub rsa2048 2016-11-21 [CA]


uid [ full ] ssh://

0 dkg@alice:~$ gpg --export-ssh-key =ssh://
gpg: key "=ssh://" not found: Unusable public key
gpg: export as ssh key failed: Unusable public key
2 dkg@alice:~$

What's unusable about this public key? It's 2048-bit RSA, and it's marked

I can get around this by specifying the full fingerprint with a trailing ! but
that shouldn't be necessary since the primary key appears to already have the
authentication key usage flag set.



Event Timeline

dkg set Version to 2.1.18.

Done with commit b456e5be

gpg: Make --export-ssh-key work for the primary key.

* g10/export.c (export_ssh_key): Also check the primary key.

If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one.  Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.

Also added a sample key for testing this.
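
The selection order described in the commit message, modelled as an added example (this is not GnuPG's code and not part of the original report). It reads a `gpg --with-colons --list-keys` listing for a single certificate; the function names, the `check_primary` switch that models the behaviour before the fix, the choice of the first suitable subkey, and the sample listings are constructed for illustration.

```python
# Added illustration: which key of a certificate would be picked for SSH export.
# Field positions follow GnuPG's colon listing format (doc/DETAILS):
# field 2 = validity, field 5 = key ID, field 12 = key capabilities.

UNUSABLE = set("iedrn")  # invalid, expired, disabled, revoked, not valid


def parse_keys(colon_listing):
    """Return (record_type, keyid, validity, capabilities) for pub/sub records."""
    keys = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12:
            keys.append((f[0], f[4], f[1], f[11]))
    return keys


def can_authenticate(validity, caps):
    # Lowercase 'a' is this key's own flag; uppercase letters on a pub
    # record summarise the whole certificate and are ignored here.
    return "a" in caps and validity[:1] not in UNUSABLE


def select_ssh_key(colon_listing, check_primary=True):
    """Prefer an authentication-capable subkey, then fall back to the primary.

    check_primary=False models the behaviour reported in this task, where a
    primary key flagged [CA] was rejected unless selected with the '!' suffix.
    """
    keys = parse_keys(colon_listing)
    for rtype, keyid, validity, caps in keys:
        if rtype == "sub" and can_authenticate(validity, caps):
            return ("sub", keyid)
    if check_primary:
        for rtype, keyid, validity, caps in keys:
            if rtype == "pub" and can_authenticate(validity, caps):
                return ("pub", keyid)
    return None


# Constructed sample listings (key IDs are placeholders, not real keys).
PRIMARY_ONLY = "pub:f:2048:1:1111111111111111:1479772800:::-:::caCA:\n"
WITH_SUBKEY = ("pub:f:2048:1:1111111111111111:1479772800:::-:::scESCA:\n"
               "sub:f:2048:1:2222222222222222:1479772800::::::e:\n"
               "sub:f:2048:1:3333333333333333:1479772800::::::a:\n")
REVOKED_SUB = ("pub:f:2048:1:1111111111111111:1479772800:::-:::caCA:\n"
               "sub:r:2048:1:4444444444444444:1479772800::::::a:\n")
NO_AUTH = ("pub:f:2048:1:1111111111111111:1479772800:::-:::scESC:\n"
           "sub:f:2048:1:2222222222222222:1479772800::::::e:\n")
```

Running `select_ssh_key` over real `gpg --with-colons --list-keys` output shows whether an authentication-capable primary key would end up in an `authorized_keys` file when no subkey qualifies.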