GnuPG fails to import back generated and exported EdDSA secret key.
Testing, HighPublic

Description

Using 2.3.0-beta version (not sure which commit exactly, sorry - updated to beta1448 to check whether problem persists), did the following:

  • generated EdDSA primary key + subkey in a clean and empty home directory
  • added some userids for testing
  • exported public and secret keys
  • deleted directory, and created a new one
  • trying to import secret key.

It doesn't accept it, telling that password is invalid.
However, using our rnp implementation and the same password key is used correctly, able to sign, and the signature is valid for both GnuPG and rnp.
Password used: 'password'.
Secret key is attached (it's just for testing purposes, so may be freely shared).

Details

gniibe claimed this task.Thu, Oct 29, 6:35 AM
gniibe added a subscriber: gniibe.

With bata1449, I cannot reproduce it.
I can import by gpg --import key-uids-sec.pgp
I tested with Debian's libgcrypt, as well as libgcrypt master (4a50c6b8).

With Debian's GnuPG 2.2.12, I got an error:

gpg: key 71081A29D1B04CA3/71081A29D1B04CA3: error sending to agent: Bad secret key

IIUC, it is an issue of GnuPG 2.2.
The condition is where the secret 'd' starts by the first bit = 1 (that is, >= 0x80).
I located the bug in agent/cvt-openpgp.c. The function do_unprotect calls convert_secret_key with skey[1] as usual MPI (not opaque),
and gcry_sexp_build with "(d%m)" will put additional 0x00 at the beginning, which results 33-byte secret in R_KEY. Then, when gcry_pk_testkey is called with R_KEY, when it checks, because 32-byte is expected, it returns GPG_ERR_INV_OBJ. Then, do_unprotect returns GPG_ERR_BAD_PASSPHRASE.

werner triaged this task as High priority.Thu, Oct 29, 9:23 AM
werner added a subscriber: werner.

In short eddsa secret keys generated with current 2.3 can't be imported with 2.2, right? That will lead to a compatibility problem, so we need to fix that in 2.2.

I think that it may occur with eddsa secret keys generated with 2.2, too. (In the 50% probability)

Actually, with 2.2, I tested a key cannot be imported.
With GPG=/usr/bin/gpg (system installed version on Debian), I did:

while export GNUPGHOME=$(mktemp -d) && $GPG --batch --passphrase '' --quick-gen-key "test <t@gniibe.org>" ed25519 && $GPG -o e.gpg --export-secret-key test && rm $GNUPGHOME/private-keys-v1.d/* && $GPG --import e.gpg; do rm e.gpg; date; done
gniibe changed the task status from Open to Testing.EditedFri, Oct 30, 2:23 AM
gniibe added a project: Testing.

Fixed in 2.2 branch.
Also, I found another issue of libgcrypt master, which is fixed in rC361a0588489c: ecc: Handle removed zeros at the beginning for Ed25519..
Further, I found different issue, and created T5116: GnuPG master shows an error when importing Ed25519 keys generated.

werner edited projects, added gnupg; removed gnupg (gpg22).Mon, Nov 23, 1:43 PM

Its done for 2.2 thus changing the tag.