gpg-agent SSH agent returned incorrect signature type
Werner Koch
wk at gnupg.org
Tue Nov 5 20:53:41 CET 2019
On Tue, 5 Nov 2019 17:49, Sebastian Wiesinger said:
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
AFAICS that method is not supported. We support "ssh-rsa" and
"ssh-rsa-cert-v01 at openssh.com" but not this method. However, I do not
have the debug out of gpg-agent so I can't tell for sure. Please put
--8<---------------cut here---------------start------------->8---
log-file /somewhere/gpg-agent.log
verbose
--8<---------------cut here---------------end--------------->8---
into ~/.gnupg/gpg-agent.conf and "gpgconf --kill gpg-agent". In case
this reveals nothing it may be nessary to add a line "debug crypto" but
that would reveal key material if not only used with the Yubikey.
Anyway, I would suggest to use an EC algorithm; they are much faster.
The Yubikey only supports the NIST curves and thus ecdsa-sha2-nistp256
or ecdsa-sha2-nistp521 would be approriate.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191105/5d15f708/attachment.sig>
More information about the Gnupg-users
mailing list