[Gnuk-users] Ed25519 SSH key not working for gnupg > 2.1.6
NIIBE Yutaka
gniibe at fsij.org
Fri May 6 00:01:39 UTC 2016
On 05/06/2016 02:48 AM, Jonathan Schleifer wrote:
> When I update to a gpg version newer than 2.1.6, I cannot use the
> Ed25519 auth key for SSH anymore. ssh will just fail with permission
> denied, as it can't find a usable key. ssh-add gives the following
> error message:
>
>> error fetching identities for protocol 2: invalid format

Sorry, I don't understand what's going on.  It seems that there are
two (or more) different issues on your side.  Please describe your
problem one by one, so that it can be reproducible, hopefully.

(1) Auth key on Gnuk Token

Ed25519 auth key on Gnuk Token works fine for me with GnuPG 2.1.12 and
libgcrypt 1.7.0.  If your shadowed secret key on the host PC was created
by an old version of GnuPG, it would be good to remove it and regenerate
it again.

You can identify the key grip of your key by:

  $ gpg-connect-agent "keyinfo --list" /bye
  ...
  S KEYINFO 72E8E0D83FF6F53CECEB4ADA4986A1178F28850E T D276000124010200FFFE872549450000 OPENPGP.3 - - - - -
  ...

Here, I found my auth key (OPENPGP.3 means auth key, while OPENPGP.1
is signing key, and OPENPGP.2 is decryption key) in the list.  In the
output, 72E8E0D83FF6F53CECEB4ADA4986A1178F28850E is the keygrip.

Remove it:

  $ rm ~/.gnupg/private-keys-v1.d/72E8E0D83FF6F53CECEB4ADA4986A1178F28850E.key

Then, regenerate it by:

  $ gpg2 --card-status

You will get new

  ~/.gnupg/private-keys-v1.d/72E8E0D83FF6F53CECEB4ADA4986A1178F28850E.key

(2) Adding a key generated by OpenSSH

With gpg-agent ssh enabled, ssh-add also works fine for me, like:

  $ ssh-keygen -t ed25519
  $ ssh-add # for .ssh/id_ed25519
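
Added example, not part of the original message: a dry-run helper for step (1) that picks the keygrip of the card-resident auth key out of a "keyinfo --list" listing and prints the stub file that would be removed. The function names are hypothetical, the sample listing is constructed from the line shown in the message plus one constructed on-disk key, and the field layout (keygrip in field 3, type T for a token key in field 4, slot in field 6) is assumed from that line.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumed field layout, taken from the listing shown in the message:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> ...
# where type T marks a key held on a token and idstr names the card slot.

# card_keygrip SLOT: read a keyinfo listing on stdin and print the keygrip
# of each token-backed key in SLOT (OPENPGP.3 is the auth key).
card_keygrip() {
    awk -v slot="$1" '
        $1 == "S" && $2 == "KEYINFO" && $4 == "T" && $6 == slot { print $3 }'
}

# stub_path KEYGRIP: print the stub file path. Anything that is not exactly
# 40 hex digits is refused, so a malformed line can never name another file.
stub_path() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ] || return 1
    printf '%s/private-keys-v1.d/%s.key\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1"
}

# Constructed sample listing: one on-disk key (type D) and the token key
# from the message (type T, slot OPENPGP.3).
sample_listing() {
    cat <<'EOF'
S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 D - - - P - - -
S KEYINFO 72E8E0D83FF6F53CECEB4ADA4986A1178F28850E T D276000124010200FFFE872549450000 OPENPGP.3 - - - - -
OK
EOF
}

# Dry run: print the stub that step (1) would remove; nothing is deleted.
# Against a live agent, replace sample_listing with:
#   gpg-connect-agent "keyinfo --list" /bye
report_auth_stub() {
    sample_listing | card_keygrip OPENPGP.3 | while read -r grip; do
        stub_path "$grip" || echo "skipping malformed keygrip: $grip" >&2
    done
}

report_auth_stub
```

Only the type T entry is selected, so a regular on-disk private key file is never listed for removal; the stub is recreated by "gpg2 --card-status" as described in the message.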