Broken ECDSA in gnupg 2.0.23
Anatol Pomozov
anatol.pomozov at gmail.com
Wed Jun 25 03:53:06 CEST 2014
Hi Werner
On Mon, Jun 23, 2014 at 4:19 AM, Werner Koch <wk at gnupg.org> wrote:
> On Sat, 21 Jun 2014 15:14, anatol.pomozov at gmail.com said:
>
>> The libgcrypt functions such as gcry_pk_map_name() return GCRY_PK_ECC
>> instead of GCRY_PK_ECDSA. So I modified gnupg 2.0.23 sources with this
>> patch:
>
> Thanks. Applied.
Thanks for applying it! But I do not think this is enough to fix all
the ECDSA issues with the latest gcrypt. At least 'ssh-add -D' and
'ssh-add -d ..' do not work correctly. I used ssh-add from openssh and
I see errors like 'Error reading response length from authentication
socket.'
Could anyone who has more experience with gnupg sources than me check
other ssh-add usecases? Or even better to add a unit test to avoid
issues like this in the future.
# here is the use-case
# build the latest gnupg with latest libgcrypt
ssh-add ~/.ssh/id_ecdsa
ssh-add -l
ssh-add -d ~/.ssh/id_ecdsa
ssh-add -D
More information about the Gnupg-users
mailing list