Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)
On Oct 23, 2017, at 12:27 PM, Peter Palfrader wrote: > > On Mon, 23 Oct 2017, David Shaw wrote: > >> Hi Peter, >> >> I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and >> ECDSA have the same representation), so that's simple enough. >> >> The segfault is more troubling though - not supporting an algorithm >> (yet) is one thing, but paperkey should never segfault. >> Unfortunately, I can't reproduce the segfault with various ed25519 >> keys, both as themselves and in combinations like RSA primary and >> ed25519 subkey. Can you send me a test key that reproduces the issue >> for you? > > Sure, attached. Aha, thanks. That gave me what I needed. It didn't show up on my older build box, but does on the new one. Here is a version that adds EdDSA support as well as fixes the segfault that happens when the primary key is of a known type, but the subkey is not. http://www.jabberwocky.com/software/paperkey/paperkey-1.5.tar.gz http://www.jabberwocky.com/software/paperkey/paperkey-1.5.tar.gz.sig David
Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)
On Mon, 23 Oct 2017, David Shaw wrote: > Hi Peter, > > I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and > ECDSA have the same representation), so that's simple enough. > > The segfault is more troubling though - not supporting an algorithm > (yet) is one thing, but paperkey should never segfault. > Unfortunately, I can't reproduce the segfault with various ed25519 > keys, both as themselves and in combinations like RSA primary and > ed25519 subkey. Can you send me a test key that reproduces the issue > for you? Sure, attached. | weasel@orinoco:~/gpghome2$ gpg --import ~/fuse/sarek/test2.asc | gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2' | gpg: /home/weasel/gpghome2/trustdb.gpg: trustdb created | gpg: key 42FA0478A3CC80F1: public key "test2" imported | gpg: Total number processed: 1 | gpg: imported: 1 | weasel@orinoco:~/gpghome2$ gpg --import ~/fuse/sarek/test2-secret.asc | gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2' | gpg: key 42FA0478A3CC80F1: "test2" not changed | gpg: key 42FA0478A3CC80F1: secret key imported | gpg: Total number processed: 1 | gpg: unchanged: 1 | gpg: secret keys read: 1 | gpg: secret keys imported: 1 | weasel@orinoco:~/gpghome2$ gpg --list-key | gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2' | /home/weasel/gpghome2/pubring.kbx | - | pub rsa2048 2017-10-22 [SC] [expires: 2019-10-22] | ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 | uid [ unknown] test2 | sub ed25519 2017-10-22 [S] [expires: 2017-10-29] | | weasel@orinoco:~/gpghome2$ gpg --list-secret-keys | gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2' | /home/weasel/gpghome2/pubring.kbx | - | sec rsa2048 2017-10-22 [SC] [expires: 2019-10-22] | ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 | uid [ unknown] test2 | ssb ed25519 2017-10-22 [S] [expires: 2017-10-29] | | weasel@orinoco:~/gpghome2$ gpg --export-secret-keys test2 | paperkey | gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2' | # Secret portions of key ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 | # Base16 data extracted Mon Oct 23 18:26:07 2017 | # Created with paperkey 1.3 by David Shaw | # | # File format: | # a) 1 octet: Version of the paperkey format (currently 0). | # b) 1 octet: OpenPGP key or subkey version (currently 4) | # c) n octets: Key fingerprint (20 octets for a version 4 key or subkey) | # d) 2 octets: 16-bit big endian length of the following secret data | # e) n octets: Secret data: a partial OpenPGP secret key or subkey packet as | # specified in RFC 4880, starting with the string-to-key usage | # octet and continuing until the end of the packet. | # Repeat fields b through e as needed to cover all subkeys. | # | # To recover a secret key without using the paperkey program, use the | # key fingerprint to match an existing public key packet with the | # corresponding secret data from the paper key. Next, append this secret | # data to the public key packet. Finally, switch the public key packet tag | # from 6 to 5 (14 to 7 for subkeys). This will recreate the original secret | # key or secret subkey packet. Repeat as needed for all public key or subkey | # packets in the public key. All other packets (user IDs, signatures, etc.) | # may simply be copied from the public key. | # | # Each base16 line ends with a CRC-24 of that line. | # The entire block of data ends with a CRC-24 of the entire block of data. | | 1: 00 04 AB BC 80 F0 A6 34 01 58 E0 E4 55 9B 42 FA 04 78 A3 CC 80 F1 8166A9 | 2: 02 8B 00 07 FC 0A 7F BF 22 0C 10 40 69 73 B6 03 55 D2 13 D0 87 9A 8522D9 | 3: DA 7F A0 8B 60 0B 03 77 ED 4B 55 CC B4 1E 78 5E A1 CF DB BF C9 CF 935E07 | 4: 87 9F 0B 05 07 5F EF 6F 08 75 E5 2A 86 7F 52 2A E2 2A 57 80 DD 76 026AF3 | 5: D6 82 7D 1E 90 67 17 FF DB 66 00 1B 68 AF 2F CF F2 D2 2A B4 C8 7C 54E93F | 6: D6 68 D8 23 59 53 F0 E7 E0 FF 7D B0 E6 08 48 2D DC D9 8E A6 4C 5C 75F7B8 | 7: 8C F2 75 BB EF 62 15 34 A5 C5 51 44 33 F2 1D E5 03 38 41 9C E4 2A 0DE30F | 8: D4 C4 2D AA 6F 1A A3 7B 46 7C 9F 1D D6 D8 7F 94 DD DC AD 82 33 34 6C95CF | 9: 9E 4F A3 34 11 4D D4 88 01 EE 87 7F F3 79 F9 09 C0 C9 4F 2A D9 F1 A99829 | 10: D2 8D 19 5F BF CF D8 5D E4 E4 B5 6F FE 37 3F 10 70 39 27 92 72 57 093A0C | 11: CB 52 F4 A3 71 83 73 8C B6 A0 31 EA 24 F6 85 9B 97 05 3B AB A6 65 756771 | 12: 12 3D 1D 14 DF 7D C1 4A D1 A2 C1 87 23 4B 16 71 3F 01 71 A6 99 1F CF90C3 | 13: 89 9A B9 3D E5 16 74 D7 DA F8 38 01 63 40 D5 2C 0E 2F 81 04 00 D1 8DD22C | 14: 94 CD BE CF 9A FD 7E 79 66 2C 0C E1 90 3E DB DD 18 82 95 79 8D B8 A54036 | 15: FC 23 B9 F4 83 C9 CE 9A 57 18 58 E9 42 71 39 C2 8C 7E B1 0A E1 4A 6B80DA | 16: A9 CC C1 F7 9B AA 9E 33 EC B1 8A E8 14 77 BA 54 76 EA EC 55 99 7A 36AE0D | 17: 23 1A 91 47 AF 02 BF B0 CB AB 0E C1 DE AF 68 EC FC DA C0 CB 49 19 253DEB | 18: B9 A9 D1 C1 7
Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)
Hi Peter, I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and ECDSA have the same representation), so that's simple enough. The segfault is more troubling though - not supporting an algorithm (yet) is one thing, but paperkey should never segfault. Unfortunately, I can't reproduce the segfault with various ed25519 keys, both as themselves and in combinations like RSA primary and ed25519 subkey. Can you send me a test key that reproduces the issue for you? David > On Oct 22, 2017, at 10:05 AM, Peter Palfrader wrote: > > Hi David! > > The following issue has been reported against the Debian package of > paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is > also affected. > > It seems paperkey is unable to deal with ed25519 keys: > > | weasel@orinoco:~/gnupghome$ gpg --list-key > | /home/weasel/gnupghome/pubring.kbx > | -- > | pub ed25519 2017-10-22 [SC] [expires: 2019-10-22] > | 83EE1EE4EAA6BA37A4786292C66129D09E62C462 > | uid [ultimate] test1 > | > | pub rsa2048 2017-10-22 [SC] [expires: 2019-10-22] > | ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 > | uid [ultimate] test2 > | > | weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey > | Unable to parse algorithm 22 > | e1:weasel@orinoco:~/gnupghome$ > > With an ed25519 master key, no segfault happens. With an rsa master and > an ed25519 subkey, I have observed segfaults, as also reported by Osamu > Aoki. > > Cheers, > > - Forwarded message from Osamu Aoki - > } > } Problem: paperkey causes "Segmentation fault" with ed25519 subkey. > } > } $ gpg --export-secret-key 1DD8D791 |paperkey >paper-secret-1DD8D791.txt > } Unable to parse algorithm 22 > } Segmentation fault > } > } (paperkey works fine with my old rsa1024 key w/o ed25519 subkey) > } > } How to reproduce: > } * Add a ed25519 subkey with "gpg --expert". > } * Execute paperkey as above (1DD8D791 is my key) > } > } FYI: > } $ gpg --list-keys 1DD8D791 > } pub rsa4096 2010-09-23 [SC] > }3133724D6207881579E95D621E1356881DD8D791 > } uid [ultimate] Osamu Aoki > } sub rsa4096 2010-09-23 [E] > } sub ed25519 2017-10-17 [A] > } $ gpg --edit-key 1DD8D791 > } gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc. > } This is free software: you are free to change and redistribute it. > } There is NO WARRANTY, to the extent permitted by law. > } > } Secret key is available. > } > } sec rsa4096/1E1356881DD8D791 > } created: 2010-09-23 expires: never usage: SC > } card-no: FFFE 67240842 > } trust: ultimate validity: ultimate > } ssb rsa4096/A04CBCEEF08BEFAD > } created: 2010-09-23 expires: never usage: E > } card-no: FFFE 67240842 > } ssb ed25519/56F8269DCA1C3AD3 > } created: 2017-10-17 expires: never usage: A > } card-no: FFFE 67240842 > } [ultimate] (1). Osamu Aoki > } > } gpg> q > } > } Background: > } At Debconf17 gNiibe-san tempted me to use "Modern GPG" and ... I now > } have a subkey using algorithm 22 (ed25519) and Gnuk. That's why I have > } card-no in the above example and ed25519. > } > - End forwarded message - > > -- >| .''`. ** Debian ** > Peter Palfrader | : :' : The universal > https://www.palfrader.org/ | `. `' Operating System >| `-https://www.debian.org/ >
Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)
Hi, On Sun, Oct 22, 2017 at 02:05:22PM +, Peter Palfrader wrote: > Hi David! > > The following issue has been reported against the Debian package of > paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is > also affected. > > It seems paperkey is unable to deal with ed25519 keys: > > | weasel@orinoco:~/gnupghome$ gpg --list-key > | /home/weasel/gnupghome/pubring.kbx > | -- > | pub ed25519 2017-10-22 [SC] [expires: 2019-10-22] > | 83EE1EE4EAA6BA37A4786292C66129D09E62C462 > | uid [ultimate] test1 > | > | pub rsa2048 2017-10-22 [SC] [expires: 2019-10-22] > | ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 > | uid [ultimate] test2 > | > | weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey > | Unable to parse algorithm 22 > | e1:weasel@orinoco:~/gnupghome$ > > With an ed25519 master key, no segfault happens. With an rsa master and > an ed25519 subkey, I have observed segfaults, as also reported by Osamu > Aoki. > > Cheers, Thanks for checking problem to the latest version. I thought about the problem more. I am now wondering the raison d'etre of paperkey, too. It was important in GPG pre-2.1. But the newer GPG (>=2.1) seems to store each secret key as a file with the minimal content under ~/.gnupg/private-keys-v1.d/ identified by the keygrip. $ gpg --list-key --with-keygrip 1DD8D791 pub rsa4096 2010-09-23 [SC] 3133724D6207881579E95D621E1356881DD8D791 Keygrip = B20FCDB27DF54AFD0177AA666DD743F876A737D5 uid [ultimate] Osamu Aoki sub rsa4096 2010-09-23 [E] Keygrip = B94F91E2FC0B861EAB1144DE3FDAC204347F66EB sub ed25519 2017-10-17 [A] Keygrip = 6E3B850409CDBE1874B89AEA5A9A31FC190245B6 Then I know which file is which secret key... Restoring procedure described in paperkey is no more valid for the new GPG. It may be good idea to mark this command for gnupg1 (1.4). Then ed25519 may not need to be supported Osamu
Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)
Hi David! The following issue has been reported against the Debian package of paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is also affected. It seems paperkey is unable to deal with ed25519 keys: | weasel@orinoco:~/gnupghome$ gpg --list-key | /home/weasel/gnupghome/pubring.kbx | -- | pub ed25519 2017-10-22 [SC] [expires: 2019-10-22] | 83EE1EE4EAA6BA37A4786292C66129D09E62C462 | uid [ultimate] test1 | | pub rsa2048 2017-10-22 [SC] [expires: 2019-10-22] | ABBC80F0A6340158E0E4559B42FA0478A3CC80F1 | uid [ultimate] test2 | | weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey | Unable to parse algorithm 22 | e1:weasel@orinoco:~/gnupghome$ With an ed25519 master key, no segfault happens. With an rsa master and an ed25519 subkey, I have observed segfaults, as also reported by Osamu Aoki. Cheers, - Forwarded message from Osamu Aoki - } } Problem: paperkey causes "Segmentation fault" with ed25519 subkey. } } $ gpg --export-secret-key 1DD8D791 |paperkey >paper-secret-1DD8D791.txt } Unable to parse algorithm 22 } Segmentation fault } } (paperkey works fine with my old rsa1024 key w/o ed25519 subkey) } } How to reproduce: } * Add a ed25519 subkey with "gpg --expert". } * Execute paperkey as above (1DD8D791 is my key) } } FYI: } $ gpg --list-keys 1DD8D791 } pub rsa4096 2010-09-23 [SC] }3133724D6207881579E95D621E1356881DD8D791 } uid [ultimate] Osamu Aoki } sub rsa4096 2010-09-23 [E] } sub ed25519 2017-10-17 [A] } $ gpg --edit-key 1DD8D791 } gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc. } This is free software: you are free to change and redistribute it. } There is NO WARRANTY, to the extent permitted by law. } } Secret key is available. } } sec rsa4096/1E1356881DD8D791 } created: 2010-09-23 expires: never usage: SC } card-no: FFFE 67240842 } trust: ultimate validity: ultimate } ssb rsa4096/A04CBCEEF08BEFAD } created: 2010-09-23 expires: never usage: E } card-no: FFFE 67240842 } ssb ed25519/56F8269DCA1C3AD3 } created: 2017-10-17 expires: never usage: A } card-no: FFFE 67240842 } [ultimate] (1). Osamu Aoki } } gpg> q } } Background: } At Debconf17 gNiibe-san tempted me to use "Modern GPG" and ... I now } have a subkey using algorithm 22 (ed25519) and Gnuk. That's why I have } card-no in the above example and ed25519. } - End forwarded message - -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/