Re: gpgkey2ssh and Ed25519 key

2015-12-21 Thread NIIBE Yutaka
On 12/21/2015 09:28 AM, perillamint wrote:
> I'm having trouble setting up ssh auth using Ed25519 key.

When you configure your gpg-agent properly (for your key), you can use
the SSH tool of ssh-add with option -L to show your public key in SSH
format.

Thank you for using the new feature.  I know that gpgkey2ssh is still
useful in some cases, but I think that you don't need it because we
can use 'ssh-add -L'.

Here is an example session to configure GnuPG for an Ed25519 key.  In
this example, I'm adding an authentication subkey for me.  Here we go.


I invoke gpg 2.1.x with the --edit-key option, specifying my name.
The --expert option is required for an Ed25519 key, since it's
not yet in the OpenPGP standard.

$ gpg2 --expert --edit-key gniibe
gpg (GnuPG) 2.1.10; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/4CA7BABE
 created: 2010-10-15  expires: never   usage: SC
 card-no: F517 0001
 trust: ultimate  validity: ultimate
ssb  rsa2048/084239CF
 created: 2010-10-15  expires: never   usage: E
 card-no: F517 0001
ssb  rsa2048/5BB065DC
 created: 2010-10-22  expires: never   usage: A
 card-no: F517 0001
[ultimate] (1). NIIBE Yutaka 
[ultimate] (2)  NIIBE Yutaka 

These are my keys (on smartcard, in this case).  I'm adding a subkey
of Ed25519 by the subcommand of "addkey".

gpg> addkey
Secret parts of primary key are stored on-card.
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 11

I select "(11) ECC (set your own capabilities)" for authentication
key.  Then, put the capability of "Authenticate"...

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Removed "Sign" capability, by typing "s" and RETURN.

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions:

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? a

Added "Authenticate" capability, by typing "a" and RETURN.

Possible actions for a ECDSA key: Sign Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q

Done (by typing "q" and RETURN).  Then, selection of the Curve...

Please select which elliptic curve you want:
   (1) Curve 25519
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
Your selection? 1

I selected "(1) Curve 25519" by typing "1" and RETURN.  The name would
be confusing, but this is the curve for Ed25519.

gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.
Use this curve anyway? (y/N) y

Yup, we know.  Confirmed by typing "y" and RETURN.

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

Answered "y" more times.  Then, I was asked for the passphrase (two
times, not shown).  I inputted it by pinentry.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.


sec  rsa2048/4CA7BABE
 created: 2010-10-15  expires: never   usage: SC
 card-no: F517 0001
 trust: ultimate  validity: ultimate
ssb  rsa2048/084239CF
 created: 2010-10-15  expires: never   usage: E
 card-no: F517 0001
ssb  rsa2048/5BB065DC
 created: 2010-10-22  expires: never   usage: A
 card-no: F517 0001
ssb  ed25519/9E350F4D
 created: 2015-12-21  expires: never   usage: A
[ultimate] (1). NIIBE Yutaka 
[ultimate] (2)  NIIBE Yutaka 

OK, I have the subkey of ed25519/9E350F4D.  Good.

gpg> save

Saved.  We need the keygrip of this subkey to 

gpgkey2ssh and Ed25519 key

2015-12-21 Thread perillamint
Hello,

I'm having trouble setting up ssh auth using Ed25519 key.

I tried to convert it using gpgkey2ssh and it returns

Unsupported algorithm: 22

Is there any version of gpgkey2ssh or other tool which allows converting
ed25519 pubkey for ssh use?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
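
Added example (not part of the original thread and not GnuPG code): algorithm 22 in the error above is the OpenPGP public-key algorithm id for EdDSA, and the Python below shows the conversion the question asks for, from a version 4 OpenPGP public (sub)key packet body to an SSH "ssh-ed25519" line. The function names are hypothetical and the sample key is constructed (bytes 0..31), not a real key.

```python
import base64
import struct

ED25519_OID = bytes.fromhex("2b06010401da470f01")  # 1.3.6.1.4.1.11591.15.1
PUBKEY_ALGO_EDDSA = 22  # the algorithm id gpgkey2ssh rejected


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def openpgp_eddsa_to_ssh(body: bytes, comment: str = "") -> str:
    """Convert a v4 OpenPGP public (sub)key packet body to an authorized_keys line."""
    if len(body) < 7 or body[0] != 4:
        raise ValueError("only version 4 key packets are handled")
    algo = body[5]  # bytes 1..4 are the creation time
    if algo != PUBKEY_ALGO_EDDSA:
        raise ValueError(f"Unsupported algorithm: {algo}")
    oid_len = body[6]
    oid = body[7:7 + oid_len]
    if oid != ED25519_OID:
        raise ValueError("EdDSA key is not on the Ed25519 curve")
    mpi = body[7 + oid_len:]
    if len(mpi) < 2:
        raise ValueError("truncated MPI")
    (bits,) = struct.unpack(">H", mpi[:2])  # MPI header: bit count
    point = mpi[2:2 + (bits + 7) // 8]
    # GnuPG stores the point in "prefixed native" form: 0x40 then 32 raw bytes.
    if len(point) != 33 or point[0] != 0x40:
        raise ValueError("unexpected Ed25519 point encoding")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(point[1:])
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line


def sample_packet_body(algo: int = PUBKEY_ALGO_EDDSA) -> bytes:
    """Constructed sample: fixed timestamp and a dummy key of bytes 0..31."""
    point = b"\x40" + bytes(range(32))
    header = b"\x04" + struct.pack(">I", 1450656000) + bytes([algo])
    return header + bytes([len(ED25519_OID)]) + ED25519_OID + struct.pack(">H", 263) + point


if __name__ == "__main__":
    print(openpgp_eddsa_to_ssh(sample_packet_body(), "constructed-sample"))
```
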


Re: gpgkey2ssh and Ed25519 key

2015-12-21 Thread Neal H. Walfield
Hi,

On Mon, 21 Dec 2015 10:28:47 +0100,
perillamint wrote:
> I'm having trouble setting up ssh auth using Ed25519 key.
> 
> I tried to convert it using gpgkey2ssh and it returns
> 
> Unsupported algorithm: 22
> 
> Is there any version of gpgkey2ssh or other tool which allows converting
> ed25519 pubkey for ssh use?

gpgkey2ssh has been deprecated for a while.  In fact, it was only
intended as a debugging aid.  (See
https://bugs.gnupg.org/gnupg/issue1610)

Thanks,

:) Neal

