registry team mailing list archive

Thread
Date

[Bug 567106] Re: [lucid] gpg-agent prevents unprotection of passphrases

To: registry@xxxxxxxxxxxxxxxxxxx
From: Michael Bienia <michael@xxxxxxxxx>
Date: Sat, 19 Jun 2010 09:27:46 -0000
Reply-to: Bug 567106 <567106@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

  Binary package hint: gpg-agent
  
  gpg-agent version 2.0.14 has a known bug which prevents unprotection of
  new or changed gpg-agent passphrases.
  
  If someone tries to unlock an ssh-key which has been changed with the
  lucid's version of the agent (2.0.14) the pinentry program will always
  report a wrong passphrase and ssh will fail with "Agent admitted failure
  to sign using the key."
  
  https://bugs.g10code.com/gnupg/issue1184
  http://lists.gnupg.org/pipermail/gnupg-users/2010-April/038626.html
  
  A patch from upstream has been attached
  (http://lists.gnupg.org/pipermail/gnupg-users/2010-April/038632.html).
+ 
+ TEST CASE:
+ 
+ - Prepare a SSH key (or take an existing one):
+     ssh-keygen -C "test key" -f test_key
+     cat test_key.pub >> ~/.ssh/authorized_keys
+ 
+ - Test that it's broken:
+     eval "$(gpg-agent --daemon --enable-ssh-support)"
+     ssh-add test_key
+     ssh localhost
+ 
+ - Test that the fix works:
+     ssh-add -d test_key
+     rm ~/.gnupg/private-keys-v1.d/<therightkey>.key (look at the timestamps of the files to find the right one for the recent added SSH test key)
+     Install the fixed packages
+     eval "$(gpg-agent --daemon --enable-ssh-support)"
+     ssh-add test_key
+     ssh localhost

-- 
[lucid] gpg-agent prevents unprotection of passphrases
https://bugs.launchpad.net/bugs/567106
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for GnuPG2.