GnuPG fails to import back generated and exported EdDSA secret key.
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	onickolay
	Oct 28 2020, 11:54 AM

Description

Using 2.3.0-beta version (not sure which commit exactly, sorry - updated to beta1448 to check whether problem persists), did the following:

generated EdDSA primary key + subkey in a clean and empty home directory
added some userids for testing
exported public and secret keys
deleted directory, and created a new one
trying to import secret key.

It doesn't accept it, telling that password is invalid.
However, using our rnp implementation and the same password key is used correctly, able to sign, and the signature is valid for both GnuPG and rnp.
Password used: 'password'.
Secret key is attached (it's just for testing purposes, so may be freely shared).

key-uids-sec.pgp901 BDownload

Details

Version: 2.3.0-beta1448

Revisions and Commits

rG GnuPG
	rGba321b60bc3b agent: Fix secret key import for Ed25519.

Related Objects
Search...

Status	Assigned	Task
Resolved	• gniibe	T5114 GnuPG fails to import back generated and exported EdDSA secret key.
Resolved	• gniibe	T5116 GnuPG master shows an error when importing Ed25519 keys generated
Resolved	• gniibe	T5120 Incompatible Ed25519 secret key (no-encryption)
Resolved	• gniibe	T5331 Possibly incompatible Ed25519 signature between other implementations and 2.3-bata

Event Timeline

onickolay created this task.Oct 28 2020, 11:54 AM

• werner added a project: gnupg (gpg23).Oct 28 2020, 5:01 PM

With bata1449, I cannot reproduce it.
I can import by gpg --import key-uids-sec.pgp
I tested with Debian's libgcrypt, as well as libgcrypt master (4a50c6b8).

With Debian's GnuPG 2.2.12, I got an error:

gpg: key 71081A29D1B04CA3/71081A29D1B04CA3: error sending to agent: Bad secret key

• gniibe edited projects, added gnupg (gpg22), gpgagent; removed gnupg (gpg23).Oct 29 2020, 7:26 AM

IIUC, it is an issue of GnuPG 2.2.
The condition is where the secret 'd' starts by the first bit = 1 (that is, >= 0x80).
I located the bug in agent/cvt-openpgp.c. The function do_unprotect calls convert_secret_key with skey[1] as usual MPI (not opaque),
and gcry_sexp_build with "(d%m)" will put additional 0x00 at the beginning, which results 33-byte secret in R_KEY. Then, when gcry_pk_testkey is called with R_KEY, when it checks, because 32-byte is expected, it returns GPG_ERR_INV_OBJ. Then, do_unprotect returns GPG_ERR_BAD_PASSPHRASE.

In short eddsa secret keys generated with current 2.3 can't be imported with 2.2, right? That will lead to a compatibility problem, so we need to fix that in 2.2.

I think that it may occur with eddsa secret keys generated with 2.2, too. (In the 50% probability)

Actually, with 2.2, I tested a key cannot be imported.
With GPG=/usr/bin/gpg (system installed version on Debian), I did:

while export GNUPGHOME=$(mktemp -d) && $GPG --batch --passphrase '' --quick-gen-key "test <t@gniibe.org>" ed25519 && $GPG -o e.gpg --export-secret-key test && rm $GNUPGHOME/private-keys-v1.d/* && $GPG --import e.gpg; do rm e.gpg; date; done

• gniibe created subtask T5116: GnuPG master shows an error when importing Ed25519 keys generated.Oct 30 2020, 12:55 AM

• gniibe added a commit: rGba321b60bc3b: agent: Fix secret key import for Ed25519..Oct 30 2020, 2:22 AM