Page MenuHome GnuPG

sshProject
ActivePublic

Recent Activity

Mon, Sep 13

FierzvID added a member for ssh: FierzvID.
Mon, Sep 13, 10:47 PM

Thu, Sep 9

werner added a project to T5494: gpg-agent doesn't support security-key (sk) key types: gnupg (gpg23).

Interesting idea.

Thu, Sep 9, 1:03 PM · gnupg (gpg23), Feature Request, ssh
rhansen added a comment to T5494: gpg-agent doesn't support security-key (sk) key types.

How difficult would it be to teach gpg-agent to fall back to another SSH agent if given an unsupported key?

Thu, Sep 9, 11:13 AM · gnupg (gpg23), Feature Request, ssh

Aug 13 2021

werner changed the edit policy for ssh.
Aug 13 2021, 11:15 PM

Jun 18 2021

werner triaged T5494: gpg-agent doesn't support security-key (sk) key types as Low priority.

ggp-agent has no support for U2F and it can't work with these key types. Given that Yubikeys also have proper keys (even eddsa) I doubt that we will implement support for ecdsa-sk OpenSSH feature any time soon,

Jun 18 2021, 11:31 PM · gnupg (gpg23), Feature Request, ssh
svenschwermer updated the task description for T5494: gpg-agent doesn't support security-key (sk) key types.
Jun 18 2021, 7:50 PM · gnupg (gpg23), Feature Request, ssh
svenschwermer created T5494: gpg-agent doesn't support security-key (sk) key types.
Jun 18 2021, 7:48 PM · gnupg (gpg23), Feature Request, ssh

Feb 17 2021

gniibe closed T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation) as Resolved.
Feb 17 2021, 9:02 AM · Testing, ssh, Bug Report

Feb 10 2021

werner lowered the priority of T2760: Populate comment field when exporting authentication key for SSH from Normal to Wishlist.
Feb 10 2021, 11:05 AM · ssh, gnupg (gpg23), Feature Request

Jan 8 2021

werner closed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as Resolved.
Jan 8 2021, 9:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Jan 7 2021

jgentil added a comment to T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey.

I'm also getting this same error with GPG4Win 3.1.14.

Jan 7 2021, 4:10 PM · gnupg, ssh, Bug Report, gpg4win

Jan 6 2021

rupor-github added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I wrote https://github.com/rupor-github/win-gpg-agent to simplify usage on Windows until this issue is resolved - it handles various edge cases on Windows.

Jan 6 2021, 7:25 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Jan 5 2021

werner triaged T4992: ssh Yubikey not recognized, but Yubikey works with GPG well as Normal priority.
Jan 5 2021, 9:35 AM · ssh, yubikey, Bug Report, gpg4win

Dec 23 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Already have set another, thanks gnibe! See ya!

Dec 23 2020, 2:27 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please change your passphrase for your card, BTW.

Dec 23 2020, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe changed the status of T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from Open to Testing.
Dec 23 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Good. The error recovery worked well.

Dec 23 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 22 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..
$ gpg --card-status
$ gpgconf --kill scdaemon
$ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)

Dec 22 2020, 5:43 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 21 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for your testing.
May I ask more test, please?

Dec 21 2020, 1:31 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 20 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.

Dec 20 2020, 2:19 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 16 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:55 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Nice, I gonna apply the patch and see if resolves for me!

Dec 16 2020, 3:25 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 10 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:

2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: interrupt callback 0 (2)
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: NotifySlotChange: 02
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: card removed
2020-12-10 11:23:05 scdaemon[7254] DBG: enter: apdu_get_status: slot=0 hang=0
2020-12-10 11:23:05 scdaemon[7254] DBG: leave: apdu_get_status => sw=0x1000c status=0
2020-12-10 11:23:05 scdaemon[7254] DBG: Removal of a card: 0
Dec 10 2020, 3:46 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 9 2020

gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I checked the development log for the addition of:

libusb_clear_halt (handle->idev, handle->ep_intr);
Dec 9 2020, 4:35 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 1:30 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

I have another yubikey neo but its clean. Can it help it?

Dec 9 2020, 12:57 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 9 2020, 12:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 8 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Changing modes will I lose/change my OTP and FIDO codes?

Dec 8 2020, 11:44 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe renamed T5167: GnuPG 2.25 still have problems related to Yubikey NEO. from GnuPG 2.25 still have problems related to Yubikey. to GnuPG 2.25 still have problems related to Yubikey NEO..
Dec 8 2020, 12:01 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe triaged T5167: GnuPG 2.25 still have problems related to Yubikey NEO. as High priority.
Dec 8 2020, 12:00 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Following device (a bit older than yours, I guess) works well:

DBG: ccid-driver: idVendor: 1050  idProduct: 0112  bcdDevice: 0334

When I configure it to OTP+FIDO+CCID, it also works for me, it is:

DBG: ccid-driver: idVendor: 1050  idProduct: 0116  bcdDevice: 0334
Dec 8 2020, 11:58 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thanks a lot.
Let me explain the situation.

Dec 8 2020, 2:33 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 7 2020

gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Hi, I changed the PIN, killed the gpg-agent and scdaemon, edited the scdaemon.conf to include your instruction, after, I run the following commands:

Dec 7 2020, 3:10 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Thank you for the information.
In the log, the driver detects removal of card wrongly.
That's the cause of this problem.

Dec 7 2020, 5:38 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gbschenkel added a comment to T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please show us the output of gpg --card-status, and your configuration if you have something special. Are you using Yubikey also for gpg's signing, or is it only for SSH?

Dec 7 2020, 5:12 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report
gniibe claimed T5167: GnuPG 2.25 still have problems related to Yubikey NEO..

Please show us the output of gpg --card-status, and your configuration if you have something special. Are you using Yubikey also for gpg's signing, or is it only for SSH?

Dec 7 2020, 2:44 AM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Dec 6 2020

werner added projects to T5167: GnuPG 2.25 still have problems related to Yubikey NEO.: scd, ssh, yubikey, gnupg (gpg22).

There is no caching for smardcard PINs. Once a key (or group of keys) on a hard has been used (i.e. PIN entered). that key can be used as long as the card has not been reset or powered-down. No rule without exception: Some cards may require that a PIN entry is required for each crypto operation. For example the OpenPGP card (which is implemented on a Yubikey) does this for the signing key but not for the authentication (ssh) key. To disable this for the signing key you use the "forcesig" command of gpg --card-edit.

Dec 6 2020, 5:00 PM · gnupg (gpg22), yubikey, ssh, scd, Bug Report

Nov 23 2020

werner edited projects for T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey, added: gnupg; removed gnupg (gpg22).

Removing 2.2 tag because it has been fixed in one of the last releases.

Nov 23 2020, 1:44 PM · gnupg, ssh, Bug Report, gpg4win

Oct 1 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner can you confirm if the environment I provided will work with OpenSSH support fully implemented?

Oct 1 2020, 5:49 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 26 2020

werner claimed T5084: Using GPGWin 3.1.13, Putty fails to load the private key from a YubiKey.

That code in gnupg has not been touched in a very long time so this may be caused by some side effect.

Sep 26 2020, 2:29 PM · gnupg, ssh, Bug Report, gpg4win

Sep 11 2020

gniibe added a project to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation): Testing.
Sep 11 2020, 2:20 AM · Testing, ssh, Bug Report
gniibe changed the status of T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation) from Open to Testing.

Fixed in Gnuk 1.2.16, although it still has a limitation by the I/O buffer size.

Sep 11 2020, 2:19 AM · Testing, ssh, Bug Report

Sep 4 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

So, if there's no support for native OpenSSH yet, I'll wait for it. After it's supported, I should be able to get the scenery I described working, right?

Sep 4 2020, 1:52 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Unfortunately you can't pass extra arguments.

Sep 4 2020, 7:47 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Thanks for your information. No debug output any more, as I already figured out things.

Sep 4 2020, 1:53 AM · Testing, ssh, Bug Report

Sep 3 2020

ccx added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

In case of Ed25519 certificate signed by Ed25519 key with only few names and flags it seems to be just below 500 bytes. This could of course grow if names are added or larger public key is being signed.

Sep 3 2020, 5:14 PM · Testing, ssh, Bug Report
gpguser123 added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@bvieira You need to set pinentry-mode=loopback for gpg program used in git.

Sep 3 2020, 4:22 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation).

Well, from the viewpoint of card specification, "a message M of arbitrary size" for Ed25519/Ed448 in RFC8032 is not good, because card has a limit for buffer size and the protocol in the OpenPGP card specification requires the steps of (1) the message M is buffered and then (2) the compute the signature.

Sep 3 2020, 3:15 AM · Testing, ssh, Bug Report

Sep 2 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I'm actually trying to do the following:

Sep 2 2020, 2:10 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
avemilia added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In the meantime you can use [0]. I have tested with ssh key on yubikey and AuthenticationMethods publickey, win32-ssh (or ssh-portable, which is the new repository name) correctly works with gpg and pinentry is called. Despite it being called wsl, wsl environment is not required.

Sep 2 2020, 1:59 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request