gpgsm --gen-key with existing key from "ssh-add" fails
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 26 14:54:02 CET 2020
This was originally reported over on https://dev.gnupg.org/T4892, but it
was requested to move it to the mailing list, so i'm repeating it here.
This was reported by a user on the #gnupg IRC channel on freenode.
With a fresh GNUPGHOME, and gpg-agent acting as ssh-agent:

    ssh-keygen -f ssh-key -N ''
    ssh-add ssh-key
    gpgsm --gen-key

then choose "existing key" and select the keygrip found in sshcontrol. The result is:

    Create self-signed certificate? (y/N) y
    These parameters are used:
        Key-Type: RSA
        Key-Length: 1024
        Key-Grip: 0B4329C87AD80CDCCA1D04C9F0B4FE11378A6F74
        Key-Usage: sign, encrypt
        Serial: random
        Name-DN: CN=Alice
        Name-Email: alice@example.biz

    Proceed with creation? (y/N) y
    Now creating self-signed certificate.  This may take a while ...
    gpgsm: error setting the public key: Invalid S-expression
    gpgsm: error creating certificate request: Invalid S-expression <KSBA>

note that the key created by ssh-key is 3072-bit RSA, not 1024.

Using nettle-bin's sexp-conv, i see:
2 dkg@alice:/tmp/cdtemp.6ckvQX$ sexp-conv < private-keys-v1.d/A61AD73FB26752B4DAB90F007E6F76467659A19B.key
(protected-private-key (rsa (n |AL3C+/cNPCsJ+xKZXOG/u+f1eGM/VsMA7Gs7y1w/
ki3y7fXeVCgV8KXaVQq/4ylfR04aXj3gsrmSDHYX
KYBo69OoGx8tLhhi20ugMAc1qlRuMgmQZDjYGc8U
m4ftOpwKoyKolfPV+PayoXQF0G7aeTC9+kmXxLfv
ZD5DL8UWx/nFTly+5LctlQGshN1+1AZ6U9f4qdRi
by2RpiMa7gdVD1M41RVm+Q2KoMYCs4WMeFgV4+Kj
vxU32O8lLMQ+RpB6Z7Ra/756FeXyATrY7Q2hTGAd
9V9X+vxupsX5MROlg1OfsSRClHVpK1kjiauM+0Zl
oxXEBorRn+qZ51SrimXBaYlAri0zBw0HWg/cc1Xx
pbxWqPrWh5rRrC+wukDG1XiM5LZdWBrZJiT0nYxZ
hzczd9jgjj45XpvcrgK6uiXUWpYPpyjCRAVP/sW1
ZVcm4x8RyYjuvwjh/vKg4F7kludEctnyavQI0utY
62nwESLUuQhKgNvN23Th20iVXGMWOik1GQ==|)
(e |AQAB|)
(protected openpgp-s2k3-sha1-aes-cbc
((sha1 |aFmt6IeekIM=|
"72943616") |cT9DP9U3fOSXE
elRUvQW1Q==|)
|2BrkPE2deaC3tf+d5rwG2x8QGdilAh+Z
WOoHa/KVlZhvBBIFCfA8g12DamARZTZd
MYIKcjIMDNTlj3I/xJZayzWcm5XliA0O
WqvZJnedJWvjanHLWIu4z5ik+T85fL7E
24/4nrQhTaTFtYo27cgdFgvGxeXbZx9f
VCAhF/Kf12NHDkVEI3qMRBFNd0ofGeTq
4xMtnGd0OfbSG2V51iK0GaexmW4ySkyt
LYpyfMK4Tx/AdwZQAUacJqSs1/ZkoB+R
hTAhW/EsWjHCYeuESZYizUZSuTX9vsGq
If/bVZctTkGQ8jG0qjSpDY9qc8Kjf1wH
ejN1L3qAvXwhDk1bSY+M5XuZ3WgYJgM5
1XL02xQnJl4Eq60lfO9wkRqZEe56PcF+
N4jpNwHcNAHHp58aROm9hsl7u3txAAu2
4d59iGbzkZZFC+3EkC8AxHvhpMCN2vnL
BH/3+THthzcJp4MA8GI5sGsjunHDesT4
LYifUnk99+5bFeCtnnPCNc9kTUDWR0lY
uGYJlmT7frIN+B2EYfaLvlVDlEkoUkM3
aNP8OyViQpQEoLqpTI73/pDMMqOgJWPv
9OgdPk21Ns0/MrKbHxnvKV1Kt7YOZiRI
e7eHjs5PKp2Dk2KxDggwh4B+49o1N+4q
ne/pizT8xNv0kfHaqFj6kfGSA2xevBUK
tLUFvrtenTLV/WtuiLiB56xdG2rDPrmO
VPyzw9B1j2AV2DEfQI6co88rUHO8pLVK
FFqy5nMFnekUrqLITwmSZFPYW24Cf9os
mpeZS/NXfbWITXY+A57mD4l5HGxq3+fu
E5yYNaYoBYkWHTiYDZjdDU5XzU+XoO9A
nFPYrP505dI5aN9QkOdH8HUFp7Qc+6za
j/2MwrULF1BwzT8Lk+Zi6tKE1/K7jH1G
kF5mDjvIfdJktcZU6pLzfIhLHG/egvzy
dzliIDdS72mvsv9l5bWwxqhRNehXn43D
lbSo8mGl1J70EXlXOlXaXnbW8tthlV9c
IXUR1LLHsY5tXuw2UU+aAzlHDxWWlO58
3UPhPUR+ESZCJ3c7uG1MPsIcphAOUVp1
AuqIwYEA77mBvHMjHO1nW+7AS+vyNMOK
iYCnHFZbvDCWHW+8VotsHwSc/8amILBy
AESAbZllfu6nNYNOf4ai2BScUZPu3jNx
/AhWiEK5Vqgv6xWrEi6Xx7/eTR0HhzXE
U0/s5yfl7Rh9ax+2xWz00VEo5l2xHASX
WDGTuhjREufMCgVwccxlMWMVLHiabYi8
rKCtWDJp6c/DgSbGNz6Jy1IL40LPqjaJ
viMmbQKnhmycMyCm+rVcKacVL1a9bYnZ
yqrOplQm4DThEGPSVXn36W+8uSfgosJI
ENvoCme0XnpozjnK5fBI3l1mLFcSvBtp
7RG57f5s/MPNb+5MvrgPSM5xEoeXgyfC|)
(protected-at "20200326T010201"))
(comment "test@host"))
Any suggestions on what is going wrong here?
--dkg
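
An added example (not part of the original post and not GnuPG or nettle code): a small parser for sexp-conv output in the syntax shown in the dump above, used to read the RSA modulus size that the post compares with gpgsm's Key-Length line. The key material in SAMPLE is constructed, and the names parse_sexp, find and rsa_modulus_bits are this example's own.

```python
import base64
import re
import textwrap

# Atoms seen in the dump: ( ), |base64| (may wrap across lines), "quoted", bare tokens.
TOKEN = re.compile(r'\s*(?:([()])|\|([A-Za-z0-9+/=\s]*)\||"([^"]*)"|([^\s()|"]+))')

def parse_sexp(text):
    """Parse one S-expression into nested lists (bytes for |base64|, str otherwise)."""
    text, pos, stack = text.strip(), 0, [[]]
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unparseable input at offset {pos}")
        pos = m.end()
        paren, b64, quoted, bare = m.groups()
        if paren == "(":
            stack.append([])
        elif paren == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())  # close the list, attach it to its parent
        elif b64 is not None:
            stack[-1].append(base64.b64decode("".join(b64.split()), validate=True))
        else:
            stack[-1].append(quoted if quoted is not None else bare)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("expected exactly one balanced expression")
    return stack[0][0]

def find(node, name):
    """Return the first sub-list (depth first) whose head is `name`, else None."""
    if not isinstance(node, list):
        return None
    if node and node[0] == name:
        return node
    return next((h for h in (find(c, name) for c in node) if h is not None), None)

def rsa_modulus_bits(text):
    """Bit length of the RSA modulus n inside the (rsa ...) list of a key dump."""
    n = find(find(parse_sexp(text), "rsa"), "n")
    if n is None:
        raise ValueError("no (rsa (n ...)) list found")
    return int.from_bytes(n[1], "big").bit_length()

# Constructed sample, not real key material: bytes 0x00 0xbd followed by 383 zero bytes.
_n = base64.b64encode(b"\x00\xbd" + bytes(383)).decode()
SAMPLE = ('(protected-private-key (rsa (n |%s|)\n (e |AQAB|))\n (comment "constructed"))'
          % "\n".join(textwrap.wrap(_n, 40)))
```

Calling rsa_modulus_bits on the text that sexp-conv prints for a key file gives the size to compare against the Key-Length value gpgsm displays.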