
Export ssh key fails (brainpoolP256r1)
Closed, Resolved, Public

Description

Observed using a Nitrokey Pro2 and gnupg2 (2.2.4-1ubuntu1.2).
Also seen using gnupg 2.2.10 and brainpoolp512r1 [1].

gpg2 --export-ssh-key $key_id

gpg: export as ssh key failed: Unknown elliptic curve

gpg2 --list-keys $key_id

pub brainpoolP256r1 2019-03-01 [SC] [expires: 2019-05-30]
...key_id...
uid [ unknown] username <user@email.net>
sub brainpoolP256r1 2019-03-01 [A] [expires: 2019-05-30]
sub brainpoolP256r1 2019-03-01 [E] [expires: 2019-05-30]
sub ed25519 2019-03-01 [S] [expires: 2019-05-30]

[1] Issue also observed using gnupg 2.2.10 and brainpoolp512r1.
Retrieved from the Nitrokey support list:
https://support.nitrokey.com/t/gpg-with-nitrokey-storage-2-using-brainpoolp512r1-unable-to-export-public-ssh-key/1395

Event Timeline

werner claimed this task.
werner edited projects, added Not A Bug, ssh; removed Bug Report.
werner added a subscriber: werner.

ssh does not support brainpool curves and thus GnuPG does not know how to map its internal name of the curve to the name as specified by ssh. GnuPG supports these curves:

ecdsa-sha2-nistp256
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-dss
ssh-dss-cert-v01@openssh.com
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-rsa-cert-v01@openssh.com
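A pre-flight check for the situation in this task, as an added example that is not part of the thread and not GnuPG's code: it reads `gpg --list-keys --with-colons` output and reports, for each authentication-capable key, whether it has an ssh key type. The function names, the sample key IDs and the GnuPG-side curve spellings are assumptions; the ssh names come from the list above.

```python
# Assumed GnuPG curve spellings (left) mapped to ssh names from the list above.
SSH_CURVE_NAMES = {
    "nistp256": "ecdsa-sha2-nistp256",
    "nistp384": "ecdsa-sha2-nistp384",
    "nistp521": "ecdsa-sha2-nistp521",
    "ed25519": "ssh-ed25519",
}
# OpenPGP public-key algorithm IDs (RFC 4880): 1 = RSA, 17 = DSA.
SSH_NON_ECC = {"1": "ssh-rsa", "17": "ssh-dss"}


def ssh_type_for(algo, curve):
    """Return the ssh key type name, or None if there is no mapping."""
    if algo in SSH_NON_ECC:
        return SSH_NON_ECC[algo]
    return SSH_CURVE_NAMES.get(curve)


def check_auth_keys(colons_output):
    """Return (keyid, curve_or_algo, ssh_type) for each key with the auth flag."""
    results = []
    for line in colons_output.splitlines():
        # Pad so that records from versions without a curve field still index.
        f = line.split(":") + [""] * 17
        if f[0] not in ("pub", "sub"):
            continue
        # Field 4 = algorithm, 5 = key ID, 12 = capabilities, 17 = curve name.
        algo, keyid, caps, curve = f[3], f[4], f[11], f[16]
        if "a" not in caps:  # lowercase letters are this key's own flags
            continue
        results.append((keyid, curve or "algo " + algo, ssh_type_for(algo, curve)))
    return results


# Constructed sample shaped like the key in the description, plus one
# constructed ed25519 authentication subkey for comparison.
SAMPLE = """
pub:u:256:19:AAAAAAAAAAAAAAA1:1551398400:1559174400::u:::scSC:::::brainpoolP256r1:::0:
sub:u:256:19:AAAAAAAAAAAAAAA2:1551398400:1559174400:::::a:::::brainpoolP256r1::
sub:u:256:18:AAAAAAAAAAAAAAA3:1551398400:1559174400:::::e:::::brainpoolP256r1::
sub:u:256:22:AAAAAAAAAAAAAAA4:1551398400:1559174400:::::s:::::ed25519::
sub:u:256:22:BBBBBBBBBBBBBBB1:1551398400:1559174400:::::a:::::ed25519::
"""

if __name__ == "__main__":
    for keyid, name, ssh_type in check_auth_keys(SAMPLE):
        print(keyid, name, ssh_type or "no ssh key type: --export-ssh-key will fail")
```

A `None` in the third position marks an authentication key whose curve has no ssh name, which is the case that produces "Unknown elliptic curve" in the description.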