elliptic curve (ed25519) support
When Monkeysign encounters an ed25519 authentication key, it fails to translate it into a matching ed25519 SSH key for the user.
Example:
$ gpg --export --export-option export-minimal --no-armor 260E858CA9D2505D9E2C471569361A59A066B658 | openpgp2ssh "micah@riseup.net"
We only support RSA keys (this key used algorithm 22).
We only support RSA keys (this key used algorithm 22).
We only support RSA keys (this key used algorithm 18).
No matching key found.
Algo 18 is, I believe, "elliptic curve" according to RFC 4880 section 9.1 and 22 is EDDSA, according to draft-koch-eddsa-for-openpgp-04 section 6. Anyways, there's some ECC stuff going on there.
One problem with fixing this is that openpgp2ssh has RSA hardcoded all over the place. Even if we fixed that by splitting the RSA code out of sub findkey (in src/share/keytrans, which is what openpgp2ssh eventually calls, I think), we'd still have to actually generate an OpenSSH ed25519 key. And here's the rub: OpenSSL (what eventually backs all of this) doesn't actually support those curves yet. So even if there were a Perl module to implement this, it wouldn't work, because you'd need OpenSSL support.
I tried to implement a converter in Python, using the PGPy project, but failed in the same place: it also uses OpenSSL and even though it seems pretty simple to add new curves, there doesn't seem to be an easy way to add that one because support is missing from OpenSSL. I filed a request to add ED25519 there to see where it goes. That issue also has details about the OpenSSL implementation, which actually landed in master in June 2017.
Strangely enough, OpenSSH, which does use OpenSSL, does implement ed25519. But that's probably thanks to the addition of OpenSSL-free crypto in 2014, which made OpenSSH work without OpenSSL at all...
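To illustrate which part of the conversion needs no curve arithmetic at all, here is an added Python example (not the author's converter, not Monkeysign's or openpgp2ssh's code) that walks a binary `gpg --export` stream, picks out algorithm 22 key packets whose curve OID is Ed25519, and emits the public half in OpenSSH's `ssh-ed25519` line format. That format is just two length-prefixed strings, base64-encoded, so it needs no OpenSSL; writing the private key (the openssh-key-v1 container) and selecting only the subkey carrying the authentication flag are left out. The sample export, the creation timestamp and the 32-byte key value are constructed for the example and are not a real key.

```python
import base64
import struct

# OpenPGP public-key algorithm IDs (RFC 4880 9.1, RFC 6637, draft-koch-eddsa-for-openpgp).
ALGO_ECDH = 18    # "elliptic curve" in RFC 4880; ECDH per RFC 6637 (cv25519 lives here)
ALGO_ECDSA = 19
ALGO_EDDSA = 22   # EdDSA; the curve itself is named by an OID inside the key packet

# OID 1.3.6.1.4.1.11591.15.1 (Ed25519), DER body without tag and length.
ED25519_OID = bytes.fromhex("2b06010401da470f01")
PUBKEY_TAGS = {6: "public key", 14: "public subkey"}


def iter_packets(data):
    """Yield (tag, body) for each packet in an OpenPGP stream (RFC 4880 4.2)."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet at offset %d" % pos)
        pos += 1
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 2-5, length-type in bits 0-1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[pos:pos + (1 << ltype)], "big")
            pos += 1 << ltype
        yield tag, data[pos:pos + length]
        pos += length


def read_mpi(body, pos):
    """Read an MPI (RFC 4880 3.2): 2-byte bit count, then ceil(bits/8) bytes."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    n = (bits + 7) // 8
    return body[pos + 2:pos + 2 + n], pos + 2 + n


def parse_pubkey_packet(body):
    """Return (algo, curve_oid_or_None, key_material) for a v4 public key packet."""
    if body[0] != 4:
        raise ValueError("only v4 keys supported (got version %d)" % body[0])
    algo, pos = body[5], 6  # 1 version byte + 4-byte creation time
    if algo in (ALGO_ECDH, ALGO_ECDSA, ALGO_EDDSA):
        oid_len = body[pos]
        oid = body[pos + 1:pos + 1 + oid_len]
        point, _ = read_mpi(body, pos + 1 + oid_len)
        return algo, oid, point
    return algo, None, body[pos:]


def ssh_string(b):
    return struct.pack(">I", len(b)) + b


def decode_ssh_line(line):
    """Inverse of the output format: return (key type, raw key bytes)."""
    blob = base64.b64decode(line.split()[1])
    tlen = struct.unpack(">I", blob[:4])[0]
    klen = struct.unpack(">I", blob[4 + tlen:8 + tlen])[0]
    return blob[4:4 + tlen], blob[8 + tlen:8 + tlen + klen]


def openpgp_to_ssh_ed25519(data):
    """Return ('ssh-ed25519 <b64>' lines for every Ed25519 key, messages for skipped keys)."""
    lines, skipped = [], []
    for tag, body in iter_packets(data):
        if tag not in PUBKEY_TAGS:
            continue
        algo, oid, material = parse_pubkey_packet(body)
        if algo == ALGO_EDDSA and oid == ED25519_OID:
            # draft-koch: the point MPI is 0x40 || 32-byte compressed Ed25519 public key
            if len(material) != 33 or material[0] != 0x40:
                skipped.append("malformed Ed25519 point in %s" % PUBKEY_TAGS[tag])
                continue
            blob = ssh_string(b"ssh-ed25519") + ssh_string(material[1:])
            lines.append("ssh-ed25519 " + base64.b64encode(blob).decode("ascii"))
        elif algo == ALGO_ECDH:
            skipped.append("algorithm 18 (ECDH, e.g. cv25519) is an encryption key; no SSH equivalent")
        else:
            skipped.append("algorithm %d in %s not handled here" % (algo, PUBKEY_TAGS[tag]))
    return lines, skipped


def new_format_packet(tag, body):
    """Build a new-format packet (one-, two- or five-octet length) for the constructed sample."""
    n = len(body)
    if n < 192:
        hdr = bytes([n])
    elif n < 8384:
        hdr = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + hdr + body


# Constructed sample export (not a real key): Ed25519 primary key + cv25519 subkey.
SAMPLE_ED25519_PUB = bytes(range(32))
SAMPLE_EXPORT = (
    new_format_packet(6, b"\x04\x59\x3c\x3a\x00" + bytes([ALGO_EDDSA, len(ED25519_OID)])
                      + ED25519_OID + struct.pack(">H", 263) + b"\x40" + SAMPLE_ED25519_PUB)
    + new_format_packet(14, b"\x04\x59\x3c\x3a\x00" + bytes([ALGO_ECDH, 10])
                        + bytes.fromhex("2b060104019755010501")  # cv25519 OID
                        + struct.pack(">H", 263) + b"\x40" + bytes(32)
                        + b"\x03\x01\x08\x07")  # KDF params: len, reserved, hash, cipher
)

if __name__ == "__main__":
    out, skip = openpgp_to_ssh_ed25519(SAMPLE_EXPORT)
    for line in out:
        print(line)
    for msg in skip:
        print("#", msg)
```

Feeding it a real export means `gpg --export --export-option export-minimal --no-armor <fingerprint>` piped into `openpgp_to_ssh_ed25519`; the bit count 263 in the sample is what a 0x40-prefixed 32-byte point always has (7 significant bits in 0x40 plus 256).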
So anyways, this is as far as I got, basically:
diff --git a/src/share/keytrans b/src/share/keytrans
index 7b83675..23de61b 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -71,6 +71,8 @@ my $old_format_packet_lengths = { one => 0,
my $asym_algos = { rsa => 1,
elgamal => 16,
dsa => 17,
+ cv25519 => 18,
+ ed25519 => 22,
};
# see RFC 4880 section 9.2
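Review bot: the new entries `cv25519 => 18` and `ed25519 => 22` name a curve where the table holds algorithm IDs; in OpenPGP 18 and 22 identify the algorithm family (18 is the "elliptic curve"/ECDH slot and 22 is EdDSA, as the references cited above say), and the curve itself is carried as an OID inside the key packet's material, so cv25519 is only one possible algorithm-18 key and Ed25519 only one possible algorithm-22 key. Suggest `ecdh => 18, eddsa => 22` here and, in `findkey`, reading the OID to decide whether a key is Ed25519 and rejecting other curves with an explicit error instead of the current "We only support RSA keys" message.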
I'm not even sure those keywords are correct, and they basically don't do anything...