Package: gnupg-agent
Version: 2.0.9-1
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
it's hard for me to tell if this is a bug or not, given the complete
lack of documentation for the gpgkey2ssh utility (see #380241). But
i'm pretty sure gpgkey2ssh is not supposed to be doing what it claims
it is doing.
In particular, if i take a standard RSA gpg key (4096 or 1024 bits in
the cases i've tested) and feed it to gpgkey2ssh, the resulting output
appears to be a 17-bit RSA key to OpenSSH, which is obviously wrong:
[0 [EMAIL PROTECTED] cdtemp.F22412]$ gpg --fingerprint CCD2ED94D21739E9 | head
-n2
pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31]
Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
[0 [EMAIL PROTECTED] cdtemp.F22412]$ gpgkey2ssh CCD2ED94D21739E9 >x
[0 [EMAIL PROTECTED] cdtemp.F22412]$ ssh-keygen -l -f x
17 a0:ad:92:70:16:92:a2:34:3a:7d:50:4a:55:90:78:ac x
[0 [EMAIL PROTECTED] cdtemp.F22412]$
(the leading 17 in the output of ssh-keygen -l is supposed to indicate
the bit-length of the public key).
My guess would be that the multi-precision integers (MPIs) are being
output in the wrong order or something, since i believe there is a
17-bit exponent used in most RSA keys (0x10001 or something like
that), as determined by:
gpg --export "$KEYID" | gpg --list-packets --debug 2 | grep pkey
Thanks for your work on gnupg2 in debian! It's much appreciated.
--dkg
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnupg-agent depends on:
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libgcrypt11 1.4.0-3 LGPL Crypto library - runtime libr
ii libgpg-error0 1.4-2 library for common error values an
ii libpth20 2.0.7-9 The GNU Portable Threads
ii libreadline5 5.2-3 GNU readline and history libraries
Versions of packages gnupg-agent recommends:
ii gnupg 1.4.6-2.1 GNU privacy guard - a free PGP rep
ii gnupg2 2.0.9-1 GNU privacy guard - a free PGP rep
ii gpgsm 2.0.9-1 GNU privacy guard - S/MIME version
ii pinentry-curses [pinentry] 0.7.5-1 curses-based PIN or pass-phrase en
ii pinentry-qt [pinentry] 0.7.5-1 Qt-based PIN or pass-phrase entry
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQIVAwUBR/K0rMzS7ZTSFznpAQLXcw//VTAvibgMtGnm1jmzRRAHR1ZqmFBKU+/z
+gCXrpwUNubDaYMbkMNKz8yvfwO0j3A8YX+eSsFf0BlAKE1hQVCU+xhi9fAOhmVh
i1ZEgijvfoirr9qeUH3ALux3pybw/ZM3JuVo9Ws/dWvCusqSc5//nnNXCg/ODMcU
TnkQJUGBgM7eXeDbRl2Sc0FTAP5HiRBzGmq0OpFL8h0XJbdxTvBe8IDq44BhDF3f
If688ef3OOexoRSBTFoikgNhfKPRaM1EEErbJLejrNXewjydtRJAxNjvEJIAhxwE
Ra0BMzS5UocHeIkIeW3r+jO4HU0c3sueYClev1YpzSPjmf5pkPh7n6qjkhud48md
AwAVZKaDhA9GQcKZvObQZGLa4v3EZ8yAGK8VMlHQWyk71z9A79oaEqxq8anPejr0
HMM5QdAxS4AxtPHp/yR/3gJlIJ/B4MOjBTZ1KzUj3T9veV8UnoTc4OSucN3LSSDH
5YBsGoWCwb9utvxw9GccQC2M/DXogEFM+gtUPH98qX0DB16+ORR9oaWDppZ8SWSu
ezTdttgoTzG6VFZPTQB0hhCe3hQB+WY0qjrMmQ46n6ZnAOMfGOKXJO87YpCsIgci
ntIhLJROrpkdkFjEMgMUMrCwDu0GCEU4q0VeyB/mhQNekERQODRPqufkR5lFV8U0
GRDsoHwQ4ZA=
=HOzd
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]