summaryrefslogtreecommitdiff
path: root/website/bugs/handle-passphrase-locked-secret-keys.mdwn
blob: 5143db6f0732146c989289d4e452ccee69d1605d (plain)

[[!meta title="MonkeySphere can't deal with passphrase-locked primary keys"]]

At the moment, the only tool we have to export passphrase-locked secret keys from the GPG keyring is gpg itself (and gpg2, which has roughly the same behavior).

As a result, we have the seckey2sshagent hack, which is unfriendly and awkward to use.

Ideally, openpgp2ssh would be able to convert passphrase-locked secret keys into clean subkeys. However, i've tried to do this via GnuTLS, and that library is not ready for this.

OpenCDK, which is the component of GnuTLS which reads OpenPGP-style keys, cannot cope with encrypted secret key material. I have had some success in getting GnuTLS's OpenCDK to accept the existence of encrypted secret key packets, i learned that OpenCDK as included in GnuTLS is incapable of dealing with the encrypted packets themselves.

Some possible resolutions:


If we can assume that the passphrase-encrypted key we want to use is actually a subkey, and if we could fix GnuTLS to ignore the use of the "gnu-dummy S2K" produced by gpg --export-secret-subkeys for the primary key, then something like the following script should actually work for reasonable values of $KEYID:

TMPDIR=$(mktemp -d)
umask 077
mkfifo "$TMPDIR/passphrase"
kname="MonkeySphere Key $KEYID"
mkfifo "$TMPDIR/$kname"
ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" &
gpg  --passphrase-fd 3 3<"$TMPDIR/passphrase" \
  --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \
  --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" &
(cd "$TMPDIR" && ssh-add -c "$kname")
rm -rf "$TMPDIR"	

Good news! I've crafted a patch for GnuTLS to enable it to read exported subkeys using this GNU extension, so if we can get it incorporated into upstream (and/or into debian), we have a possible solution, as long as the authentication key is a subkey, and not a primary key.

As of version 0.11-1, monkeysphere subkey-to-ssh-agent implements this particular strategy (and fails cleanly if the version of GnuTLS present doesn't support the GNU dummy S2K extension).


Ben Laurie and Rachel Willmer's OpenPGPSDK is a candidate: this is a C-based library that intends to implement RFC 4880 functionality.

We could potentially re-write openpgp2ssh using this library, and it should be able to handle everything we need from the OpenPGP side (though it might need to be re-linked to OpenSSL to handle PEM-encoded exports.

Concerns:

  • OpenPGPSDK is not in debian yet, and doesn't currently (2008-08-13) build with gcc 4.2 or 4.3.

  • OpenPGPSDK uses the apache license and appears to link to OpenSSL, which has a GPL-incompatible license. I think this would mean that openpgp2ssh could not remain GPL (though the rest of the monkeysphere could).


We could try to use perl. The last time i checked, the pure-perl OpenPGP implementations all depended on Math::PARI, which is not in debian. The most likely candidate is Crypt::OpenPGP, despite some bugginess.

Concerns:

  • the aforementioned buggy reviews

  • there's a lot of dependency chasing to get anything like this available in debian.


Other alternatives?


Can this bug be closed? dkg reported in a comment for a related bug:

Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent
subcommand, which works cleanly in the presence of a
functionally-patched GnuTLS.

Even with the patched GnuTLS, monkeysphere currently can't currently deal with passphrase-locked primary keys. I've changed the title of this bug, but i'd like to keep it open until we are able to deal with that. The other comments here seem still quite relevant to that need.

I've changed the title of this bug to reflect the narrowed scope.

   --dkg