Broken ECDSA in gnupg 2.0.23

Anatol Pomozov anatol.pomozov at
Wed Jun 25 03:53:06 CEST 2014

Hi Werner

On Mon, Jun 23, 2014 at 4:19 AM, Werner Koch <wk at> wrote:
> On Sat, 21 Jun 2014 15:14, anatol.pomozov at said:
>> The libgcrypt functions such as gcry_pk_map_name() return GCRY_PK_ECC
>> instead of GCRY_PK_ECDSA. So I modified gnupg 2.0.23 sources with this
>> patch:
> Thanks.  Applied.

Thanks for applying it! But I do not think this is enough to fix all
the ECDSA issues with the latest gcrypt. At least 'ssh-add -D' and
'ssh-add -d ..' do not work correctly. I used ssh-add from openssh and
I see errors like 'Error reading response length from authentication

Could anyone who has more experience with gnupg sources than me check
other ssh-add usecases? Or even better to add a unit test to avoid
issues like this in the future.

# here is the use-case
# build the latest gnupg with latest libgcrypt

ssh-add ~/.ssh/id_ecdsa
ssh-add -l
ssh-add -d ~/.ssh/id_ecdsa
ssh-add -D

More information about the Gnupg-users mailing list