Hi On Sat, Jun 21, 2014 at 2:32 AM, Werner Koch <w...@gnupg.org> wrote: > On Sat, 21 Jun 2014 06:22, anatol.pomo...@gmail.com said: > >> Our users claim that this stated since libgcrypt 1.6.0 update. With >> libgcrypt 1.5+ gpg-agent worked without a problem. Some people tried > > Which Libgcrypt version is that? 1.6.0 or 1.6.1 ?
The latest stable i.e. 1.6.1. I looked at list of API changes for libgcrypt 1.6.0 http://upstream-tracker.org/changelogs/libgcrypt/1.6.0/changelog.html and see "The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id.". The libgcrypt functions such as gcry_pk_map_name() return GCRY_PK_ECC instead of GCRY_PK_ECDSA. So I modified gnupg 2.0.23 sources with this patch: diff --git a/common/ssh-utils.c b/common/ssh-utils.c index d8f057d..987966f 100644 --- a/common/ssh-utils.c +++ b/common/ssh-utils.c @@ -89,7 +89,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, elems = "pqgy"; gcry_md_write (md, "\0\0\0\x07ssh-dss", 11); break; - case GCRY_PK_ECDSA: + case GCRY_PK_ECC: /* We only support the 3 standard curves for now. It is just a quick hack. */ elems = "q"; Now I am able to add a ECDSA via ssh-add: [anatol@foo gnupg]$ ps ax | grep agent 8921 ? Ss 0:00 gpg-agent --daemon --enable-ssh-support [anatol@foo gnupg]$ echo $SSH_AUTH_SOCK /tmp/gpg-MQPevx/S.gpg-agent.ssh [anatol@foo gnupg]$ echo $SSH_AGENT_PID 8921 [anatol@foo gnupg]$ ssh-add -l 2048 f4:a7:bd:43:fc:aa:ab:f2:f2:ff:6b:f3:9b:37:96:be /home/anatol/.ssh/id_rsa (RSA) 521 87:e8:e1:f6:1b:64:aa:58:ff:97:1a:20:5d:91:46:d7 /home/anatol/.ssh/id_ecdsa (ECDSA) I do not know if there are other libgcrypt 1.6 related problems. But at least I can 'ssh' into my machine without typing the passphrase now. >> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=21dab64030c95a909767bf6d8f99e8476f9df8a2 >> that fixes ECC for libgcrypt 1.6. gnupg developers, do you think that > > That is not releated. The ssh-agent support is implemented in gpg-agent > and thus not affected by this patch. > > > Salam-Shalom, > > Werner > > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
