FS#51031 - [gnome-keyring] does not support elliptic-curve-based SSH keys
Attached to Project:
Arch Linux
Opened by gdonval (gdonval) - Thursday, 29 September 2016, 10:14 GMT
Last edited by Jan de Groot (JGC) - Friday, 23 August 2019, 21:27 GMT
Details
Description:
Gnome-keyring does not handle newish (i.e. 5-6 years old) keys based on elliptic curve cryptography (i.e. ECDSA and Ed25519). What could have been a feature enhancement 5 years ago should now be considered a bug as it actively hinders the transition to more efficient (elliptic curve) and more secure keys (new on-disk format more resilient to brute-force attacks). Additionally, ECDSA is the new default in OpenSSH: its support in Gnome-keyring is therefore long overdue. The bug is already reported upstream: https://bugzilla.gnome.org/show_bug.cgi?id=641082 (2011), https://bugzilla.gnome.org/show_bug.cgi?id=723274 (2014), and I thought that maybe an official report from an official maintainer could somewhat help to revive the efforts in that direction.
Closed by Jan de Groot (JGC)
Friday, 23 August 2019, 21:27 GMT
Reason for closing: Fixed
Additional comments about closing: gnome-keyring wraps openssh ssh-agent now, so this should be fixed.
Comment by Jan Alexander Steffens (heftig) - Friday, 30 September 2016, 15:25 GMT
Those two bugs were both opened by Arch developers. GNOME Keyring lacks a passionate maintainer. I wouldn't expect anything to happen unless this starts hurting RHEL users.
Comment by Jan de Groot (JGC) - Sunday, 12 November 2017, 22:30 GMT
ECDSA is supported in 3.27.2-1 now, ED25519 is not supported yet.