gpg-agent fails to sign request
Testing, NormalPublic


I have this error now for some time in my gentoo gnupg builds or from origin/master. The log reads

ssh sign request failed: Unknown option <GPG Agent>

so I hunted the code down to the ssh_handler_sign_request function that removes all known flags.
The error comes from flags != 0, so I started patching the code, by a measurement of what flags is in the end.

if (flags & 0x10000) {
  log_error ("strange flags in: 0x%x/%d\n", flags, flags);
  /* drop the strange flag */
  flags &= ~0x10000;

by such strange flags debug line I detected that the ssh client sets this 0x10000 flag, that is unknown to gpg-agent, so I added this little block above that filters this unknown flag.


gpg (GnuPG) 2.2.15
ikrabbe created this task.Fri, Jun 7, 2:05 PM
ikrabbe changed the task status from Open to Testing.Fri, Jun 7, 2:09 PM

Please check if this patch works for you and please check where this flag actually comes from and what it does say!

ikrabbe triaged this task as High priority.Fri, Jun 7, 2:12 PM

This is a high prio error, I guess, because it breaks a very useable part of gnupg, that is really hard to maintain. If it is not stable to sign keys with the gpg-agent, it is very hard to use that. Many might switch back to the ssh-agent.

werner lowered the priority of this task from High to Normal.Fri, Jun 7, 6:32 PM