Package: gnupg-agent
Version: 2.0.9-2
Severity: normal

There's a problem with gnupg-agent 2.0.9-2 in lenny (i386). I recently
created new SSH keys and tried adding them to the gnupg-agent with
ssh-add. This worked fine for one (with a custom name, not id_rsa).

Every time I tried to add an additional key named "id_rsa" however it
failed after entering the passphrase for protecting the key material in
gnupg. The key itself worked without any problem.



- I executed ssh-add and entered the passphrase to decrypt the ssh key.
- I saw the pinentry dialog and entered a passphrase.
- Then a new dialog with a nice red/green bar for passphrase quality
  opened. I entered my passphrase again.
- This time a message box opened saying "not allowed characters in
  passphrase: <insanely high negative number> of 1 tries" (the message
  was in German; I use the German localization of Debian).
  [ I think the thing with this negative number may well be another,
  unrelated bug ]
- This number was incremented every time I pressed Enter. Aha.
- Then I pressed 'cancel'.
- The key was stored in ~/.gnupg/private-keys-v1.d/ and also listed in
  ~/.gnupg/sshcontrol.
- I tried to set the passphrase directly interacting with
  gpg-connect-agent after the above procedure, which worked.

This key however did not work anymore (although the passphrase was
accepted). The SSH server log complained with a message saying it
couldn't decrypt some packet. I am very sorry I don't have the exact
message anymore.

Hum. I've tried to add different newly generated keys and also tried out
pinentry-curses (usually I use pinentry-gtk-2), but none made a
difference. Please note that all keys I tried were 4096-bit RSA keys.

Well, I haven't encountered such a problem before, so I downgraded
gnupg-agent to version 2.0.0-5.2 from etch. Adding the key and using it
worked fine with this version. I updated to 2.0.9-2 for using the key in
an SSH connection and it worked. Praise.


My conclusion is therefore that there is some bug in the key adding
procedures in gnupg-agent in lenny. I wasn't able to narrow it down any
more. I would guess, since the key is identified correctly on attempting
an SSH connection but then some crypto fails, that there is some error
while storing the key encrypted with the passphrase in gnupg which
destroys it partly. Because I haven't seen this fancy new quality bar
before, maybe there is some confusion in gnupg whether it is handling an
SSH or a GnuPG key.

Software I use (up to date Debian Lenny):
- linux 2.6.25.3 self compiled
- gnupg2 2.0.9-2
- libgcrypt11 1.4.1-1
- pinentry-gtk2 0.7.5-2
- pinentry-curses 0.7.5-2

I hope you can do something with this information and keep up your very
good work. If you need further information please don't hesitate to
contact me.

With kind regards,
Benjamin

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25.3 (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg-agent depends on:
ii  libc6                         2.7-10     GNU C Library: Shared libraries
ii  libgcrypt11                   1.4.1-1    LGPL Crypto library - runtime libr
ii  libgpg-error0                 1.4-2      library for common error values an
ii  libpth20                      2.0.7-10   The GNU Portable Threads
ii  libreadline5                  5.2-3      GNU readline and history libraries
ii  pinentry-curses [pinentry]    0.7.5-2    curses-based PIN or pass-phrase en
ii  pinentry-gtk2 [pinentry]      0.7.5-2    GTK+-2-based PIN or pass-phrase en

Versions of packages gnupg-agent recommends:
ii  gnupg                         1.4.6-2.2  GNU privacy guard - a free PGP rep
ii  gnupg2                        2.0.9-2    GNU privacy guard - a free PGP rep
ii  gpgsm                         2.0.9-2    GNU privacy guard - S/MIME version

-- no debconf information


