FS#51031 - [gnome-keyring] does not support elliptic-curve-based SSH keys

Attached to Project: Arch Linux
Opened by gdonval (gdonval) - Thursday, 29 September 2016, 10:14 GMT
Last edited by Jan de Groot (JGC) - Friday, 23 August 2019, 21:27 GMT
Task Type Feature Request
Category Upstream Bugs
Status Closed
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Gnome-keyring does not handle newish (i.e. 5-6 years old) keys based on elliptic curve cryptography (i.e. ECDSA and Ed25519). What could have been a feature enhancement 5 years ago should now be considered a bug as it actively hinders the transition to more efficient (elliptic curve) and more secure keys (new on-disk format more resilient to brute-force attacks).

Additionally, ECDSA is the new default in OpenSSH: its support in Gnome-keyring is therefore long overdue.

The bug is already reported upstream:

https://bugzilla.gnome.org/show_bug.cgi?id=641082 (2011)
https://bugzilla.gnome.org/show_bug.cgi?id=723274 (2014)

and I thought that maybe an official report from an official maintainer could somewhat help to revive the efforts in that direction.

Closed by Jan de Groot (JGC)
Friday, 23 August 2019, 21:27 GMT
Reason for closing: Fixed
Additional comments about closing: gnome-keyring wraps openssh ssh-agent now, so this should be fixed.
Comment by Jan Alexander Steffens (heftig) - Friday, 30 September 2016, 15:25 GMT
Those two bugs were both opened by Arch developers. GNOME Keyring lacks a passionate maintainer. I wouldn't expect anything to happen unless this starts hurting RHEL users.
Comment by Jan de Groot (JGC) - Sunday, 12 November 2017, 22:30 GMT
ECDSA is supported in 3.27.2-1 now, ED25519 is not supported yet.
