gpgsm --gen-key with existing key from "ssh-add" fails
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Mar 30 01:06:35 CEST 2020
On Sun 2020-03-29 18:16:03 +0200, Werner Koch wrote:
> Better don't use Nettle's tool because it encodes un("|....|") but GnuPG
> only implements only hex encoding ("#...#"). Binary output would thus
> be easier to analyze, or put
>
> enable-extended-key-format

if gpg can't read base64-encoded s-expressions, nettle's sexp-conv can
also use hex encoding instead with "-s hex", fwiw.

Anyway, I can't imagine that the format used by nettle-sexp is the issue
here, but to avoid confusion, i've repeated the experiment using
enable-extended-key-format (see the postscript here for examples).

The point of the bug report has to do with gpgsm, and it failing to
generate an X.509 certificate as expected, though. The initial report
includes enough to reproduce the bug. Have you been unable to reproduce
it?

    export GNUPGHOME=$(mktemp -d)
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    echo enable-extended-key-format > "$GNUPGHOME/gpg-agent.conf"
    gpgconf --launch gpg-agent
    ssh-keygen -f test.key -N ''
    ssh-add test.key
    grip=$(ls "$GNUPGHOME/private-keys-v1.d" | cut -f1 -d.)
    gpgsm --gen-key

(in gpgsm, select "existing key" and put in the generated keygrip)

I started trying to write up a --batch generation script to make a
fully-automated reproducer for this bug report, but i ran into a
different bug (https://dev.gnupg.org/T4895) so i gave up.

Regards,

--dkg

PS here is the extended-key format, and an OpenSSH private key that was
added via ssh-add:
i had used ssh-add on this key:
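
Added example, not part of the original message and not GnuPG or Nettle code: a small Python check for the encoding point raised in the quoted reply, reporting which atom encodings a textual S-expression uses and rewriting base64 atoms ("|...|") as hex atoms ("#...#"). The sample expression is constructed, and verbatim "len:data" atoms and display hints are assumed out of scope.

```python
import base64
import re

# Token classes of the textual ("advanced") S-expression syntax handled here.
# Assumption: verbatim "len:data" atoms and display hints are not supported.
TOKEN = re.compile(r'''
    (?P<paren>[()])
  | \#(?P<hex>[0-9A-Fa-f\s]*)\#          # hex atom:    #...#
  | \|(?P<b64>[A-Za-z0-9+/=\s]*)\|       # base64 atom: |...|
  | (?P<quoted>"(?:[^"\\]|\\.)*")        # quoted string
  | (?P<bare>[A-Za-z][A-Za-z0-9_.-]*)    # bare token such as rsa, n, e
  | (?P<ws>\s+)
''', re.VERBOSE)

# Constructed sample (tiny made-up values, not a real key).
SAMPLE = '(public-key (rsa (n |AMLqaQ==|)(e |AQAB|)))'

def tokens(text):
    """Yield (kind, value) pairs; reject anything outside the supported syntax."""
    pos = 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unsupported syntax at offset {pos}")
        pos = m.end()
        if m.lastgroup != "ws":
            yield m.lastgroup, m.group(m.lastgroup)

def encodings_used(text):
    """Return the set of atom encodings present: bare, quoted, hex, b64."""
    return {kind for kind, _ in tokens(text) if kind != "paren"}

def to_hex_form(text):
    """Re-emit the expression with every base64 atom rewritten as a hex atom."""
    out, prev = [], "("
    for kind, val in tokens(text):
        if kind == "b64":
            raw = base64.b64decode("".join(val.split()), validate=True)
            val = "#" + raw.hex().upper() + "#"
        elif kind == "hex":
            val = "#" + "".join(val.split()).upper() + "#"
        # Separate tokens with one space, except after "(" and before ")".
        if out and prev != "(" and val != ")":
            out.append(" ")
        out.append(val)
        prev = val
    return "".join(out)

if __name__ == "__main__":
    print(sorted(encodings_used(SAMPLE)))
    print(to_hex_form(SAMPLE))
```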