Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)

2017-10-24 Thread David Shaw 
On Oct 23, 2017, at 12:27 PM, Peter Palfrader  wrote:
> 
> On Mon, 23 Oct 2017, David Shaw wrote:
> 
>> Hi Peter,
>> 
>> I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and 
>> ECDSA have the same representation), so that's simple enough.
>> 
>> The segfault is more troubling though - not supporting an algorithm
>> (yet) is one thing, but paperkey should never segfault.
>> Unfortunately, I can't reproduce the segfault with various ed25519
>> keys, both as themselves and in combinations like RSA primary and
>> ed25519 subkey.  Can you send me a test key that reproduces the issue
>> for you?
> 
> Sure, attached.

Aha, thanks.  That gave me what I needed.  It didn't show up on my older build 
box, but does on the new one.

Here is a version that adds EdDSA support as well as fixes the segfault that 
happens when the primary key is of a known type, but the subkey is not.

http://www.jabberwocky.com/software/paperkey/paperkey-1.5.tar.gz
http://www.jabberwocky.com/software/paperkey/paperkey-1.5.tar.gz.sig

David

Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)

2017-10-23 Thread Peter Palfrader 
On Mon, 23 Oct 2017, David Shaw wrote:

> Hi Peter,
> 
> I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and 
> ECDSA have the same representation), so that's simple enough.
> 
> The segfault is more troubling though - not supporting an algorithm
> (yet) is one thing, but paperkey should never segfault.
> Unfortunately, I can't reproduce the segfault with various ed25519
> keys, both as themselves and in combinations like RSA primary and
> ed25519 subkey.  Can you send me a test key that reproduces the issue
> for you?

Sure, attached.

| weasel@orinoco:~/gpghome2$ gpg --import ~/fuse/sarek/test2.asc
| gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2'
| gpg: /home/weasel/gpghome2/trustdb.gpg: trustdb created
| gpg: key 42FA0478A3CC80F1: public key "test2" imported
| gpg: Total number processed: 1
| gpg:   imported: 1
| weasel@orinoco:~/gpghome2$ gpg --import ~/fuse/sarek/test2-secret.asc
| gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2'
| gpg: key 42FA0478A3CC80F1: "test2" not changed
| gpg: key 42FA0478A3CC80F1: secret key imported
| gpg: Total number processed: 1
| gpg:  unchanged: 1
| gpg:   secret keys read: 1
| gpg:   secret keys imported: 1
| weasel@orinoco:~/gpghome2$ gpg --list-key
| gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2'
| /home/weasel/gpghome2/pubring.kbx
| -
| pub   rsa2048 2017-10-22 [SC] [expires: 2019-10-22]
|   ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
| uid   [ unknown] test2
| sub   ed25519 2017-10-22 [S] [expires: 2017-10-29]
| 
| weasel@orinoco:~/gpghome2$ gpg --list-secret-keys
| gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2'
| /home/weasel/gpghome2/pubring.kbx
| -
| sec   rsa2048 2017-10-22 [SC] [expires: 2019-10-22]
|   ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
| uid   [ unknown] test2
| ssb   ed25519 2017-10-22 [S] [expires: 2017-10-29]
| 
| weasel@orinoco:~/gpghome2$ gpg --export-secret-keys test2 | paperkey
| gpg: WARNING: unsafe permissions on homedir '/home/weasel/gpghome2'
| # Secret portions of key ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
| # Base16 data extracted Mon Oct 23 18:26:07 2017
| # Created with paperkey 1.3 by David Shaw
| #
| # File format:
| # a) 1 octet:  Version of the paperkey format (currently 0).
| # b) 1 octet:  OpenPGP key or subkey version (currently 4)
| # c) n octets: Key fingerprint (20 octets for a version 4 key or subkey)
| # d) 2 octets: 16-bit big endian length of the following secret data
| # e) n octets: Secret data: a partial OpenPGP secret key or subkey packet as
| #  specified in RFC 4880, starting with the string-to-key usage
| #  octet and continuing until the end of the packet.
| # Repeat fields b through e as needed to cover all subkeys.
| # 
| # To recover a secret key without using the paperkey program, use the
| # key fingerprint to match an existing public key packet with the
| # corresponding secret data from the paper key.  Next, append this secret
| # data to the public key packet.  Finally, switch the public key packet tag
| # from 6 to 5 (14 to 7 for subkeys).  This will recreate the original secret
| # key or secret subkey packet.  Repeat as needed for all public key or subkey
| # packets in the public key.  All other packets (user IDs, signatures, etc.)
| # may simply be copied from the public key.
| #
| # Each base16 line ends with a CRC-24 of that line.
| # The entire block of data ends with a CRC-24 of the entire block of data.
| 
|   1: 00 04 AB BC 80 F0 A6 34 01 58 E0 E4 55 9B 42 FA 04 78 A3 CC 80 F1 8166A9
|   2: 02 8B 00 07 FC 0A 7F BF 22 0C 10 40 69 73 B6 03 55 D2 13 D0 87 9A 8522D9
|   3: DA 7F A0 8B 60 0B 03 77 ED 4B 55 CC B4 1E 78 5E A1 CF DB BF C9 CF 935E07
|   4: 87 9F 0B 05 07 5F EF 6F 08 75 E5 2A 86 7F 52 2A E2 2A 57 80 DD 76 026AF3
|   5: D6 82 7D 1E 90 67 17 FF DB 66 00 1B 68 AF 2F CF F2 D2 2A B4 C8 7C 54E93F
|   6: D6 68 D8 23 59 53 F0 E7 E0 FF 7D B0 E6 08 48 2D DC D9 8E A6 4C 5C 75F7B8
|   7: 8C F2 75 BB EF 62 15 34 A5 C5 51 44 33 F2 1D E5 03 38 41 9C E4 2A 0DE30F
|   8: D4 C4 2D AA 6F 1A A3 7B 46 7C 9F 1D D6 D8 7F 94 DD DC AD 82 33 34 6C95CF
|   9: 9E 4F A3 34 11 4D D4 88 01 EE 87 7F F3 79 F9 09 C0 C9 4F 2A D9 F1 A99829
|  10: D2 8D 19 5F BF CF D8 5D E4 E4 B5 6F FE 37 3F 10 70 39 27 92 72 57 093A0C
|  11: CB 52 F4 A3 71 83 73 8C B6 A0 31 EA 24 F6 85 9B 97 05 3B AB A6 65 756771
|  12: 12 3D 1D 14 DF 7D C1 4A D1 A2 C1 87 23 4B 16 71 3F 01 71 A6 99 1F CF90C3
|  13: 89 9A B9 3D E5 16 74 D7 DA F8 38 01 63 40 D5 2C 0E 2F 81 04 00 D1 8DD22C
|  14: 94 CD BE CF 9A FD 7E 79 66 2C 0C E1 90 3E DB DD 18 82 95 79 8D B8 A54036
|  15: FC 23 B9 F4 83 C9 CE 9A 57 18 58 E9 42 71 39 C2 8C 7E B1 0A E1 4A 6B80DA
|  16: A9 CC C1 F7 9B AA 9E 33 EC B1 8A E8 14 77 BA 54 76 EA EC 55 99 7A 36AE0D
|  17: 23 1A 91 47 AF 02 BF B0 CB AB 0E C1 DE AF 68 EC FC DA C0 CB 49 19 253DEB
|  18: B9 A9 D1 C1

Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)

2017-10-23 Thread David Shaw 
Hi Peter,

I've added support for EdDSA to paperkey (it's a one-line fix - EdDSA and ECDSA 
have the same representation), so that's simple enough.

The segfault is more troubling though - not supporting an algorithm (yet) is 
one thing, but paperkey should never segfault.  Unfortunately, I can't 
reproduce the segfault with various ed25519 keys, both as themselves and in 
combinations like RSA primary and ed25519 subkey.  Can you send me a test key 
that reproduces the issue for you?

David

> On Oct 22, 2017, at 10:05 AM, Peter Palfrader  wrote:
> 
> Hi David!
> 
> The following issue has been reported against the Debian package of
> paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is
> also affected.
> 
> It seems paperkey is unable to deal with ed25519 keys:
> 
> | weasel@orinoco:~/gnupghome$ gpg --list-key
> | /home/weasel/gnupghome/pubring.kbx
> | --
> | pub   ed25519 2017-10-22 [SC] [expires: 2019-10-22]
> |   83EE1EE4EAA6BA37A4786292C66129D09E62C462
> | uid   [ultimate] test1
> | 
> | pub   rsa2048 2017-10-22 [SC] [expires: 2019-10-22]
> |   ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
> | uid   [ultimate] test2
> | 
> | weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey
> | Unable to parse algorithm 22
> | e1:weasel@orinoco:~/gnupghome$ 
> 
> With an ed25519 master key, no segfault happens.  With an rsa master and
> an ed25519 subkey, I have observed segfaults, as also reported by Osamu
> Aoki.
> 
> Cheers,
> 
> - Forwarded message from Osamu Aoki  -
> } 
> } Problem: paperkey causes "Segmentation fault" with ed25519 subkey.
> } 
> }  $ gpg --export-secret-key 1DD8D791 |paperkey >paper-secret-1DD8D791.txt
> }  Unable to parse algorithm 22
> }  Segmentation fault
> } 
> } (paperkey works fine with my old rsa1024 key w/o ed25519 subkey)
> } 
> } How to reproduce:
> }  * Add a ed25519 subkey with "gpg --expert".
> }  * Execute paperkey as above (1DD8D791 is my key) 
> } 
> } FYI:
> }  $ gpg --list-keys 1DD8D791
> }  pub   rsa4096 2010-09-23 [SC]
> }3133724D6207881579E95D621E1356881DD8D791
> }  uid   [ultimate] Osamu Aoki 
> }  sub   rsa4096 2010-09-23 [E]
> }  sub   ed25519 2017-10-17 [A]
> }  $ gpg --edit-key 1DD8D791
> }  gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc.
> }  This is free software: you are free to change and redistribute it.
> }  There is NO WARRANTY, to the extent permitted by law.
> }  
> }  Secret key is available.
> }  
> }  sec  rsa4096/1E1356881DD8D791
> }   created: 2010-09-23  expires: never   usage: SC  
> }   card-no: FFFE 67240842
> }   trust: ultimate  validity: ultimate
> }  ssb  rsa4096/A04CBCEEF08BEFAD
> }   created: 2010-09-23  expires: never   usage: E   
> }   card-no: FFFE 67240842
> }  ssb  ed25519/56F8269DCA1C3AD3
> }   created: 2017-10-17  expires: never   usage: A   
> }   card-no: FFFE 67240842
> }  [ultimate] (1). Osamu Aoki 
> }  
> }  gpg> q
> } 
> } Background:
> }  At Debconf17 gNiibe-san tempted me to use "Modern GPG" and ...  I now
> }  have a subkey using algorithm 22 (ed25519) and Gnuk.  That's why I have
> }  card-no in the above example and ed25519.
> } 
> - End forwarded message -
> 
> -- 
>|  .''`.   ** Debian **
>  Peter Palfrader   | : :' :  The  universal
> https://www.palfrader.org/ | `. `'  Operating System
>|   `-https://www.debian.org/
>

Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)

2017-10-23 Thread Osamu Aoki 
Hi,

On Sun, Oct 22, 2017 at 02:05:22PM +, Peter Palfrader wrote:
> Hi David!
> 
> The following issue has been reported against the Debian package of
> paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is
> also affected.
> 
> It seems paperkey is unable to deal with ed25519 keys:
> 
> | weasel@orinoco:~/gnupghome$ gpg --list-key
> | /home/weasel/gnupghome/pubring.kbx
> | --
> | pub   ed25519 2017-10-22 [SC] [expires: 2019-10-22]
> |   83EE1EE4EAA6BA37A4786292C66129D09E62C462
> | uid   [ultimate] test1
> | 
> | pub   rsa2048 2017-10-22 [SC] [expires: 2019-10-22]
> |   ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
> | uid   [ultimate] test2
> | 
> | weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey
> | Unable to parse algorithm 22
> | e1:weasel@orinoco:~/gnupghome$ 
> 
> With an ed25519 master key, no segfault happens.  With an rsa master and
> an ed25519 subkey, I have observed segfaults, as also reported by Osamu
> Aoki.
> 
> Cheers,

Thanks for checking problem to the latest version.  I thought about the
problem more.

I am now wondering the raison d'etre of paperkey, too.  It was important
in GPG pre-2.1.  But the newer GPG (>=2.1) seems to store each secret
key as a file with the minimal content under ~/.gnupg/private-keys-v1.d/
identified by the keygrip.

$ gpg --list-key --with-keygrip 1DD8D791
pub   rsa4096 2010-09-23 [SC]
  3133724D6207881579E95D621E1356881DD8D791
  Keygrip = B20FCDB27DF54AFD0177AA666DD743F876A737D5
uid   [ultimate] Osamu Aoki 
sub   rsa4096 2010-09-23 [E]
  Keygrip = B94F91E2FC0B861EAB1144DE3FDAC204347F66EB
sub   ed25519 2017-10-17 [A]
  Keygrip = 6E3B850409CDBE1874B89AEA5A9A31FC190245B6

Then I know which file is which secret key...

Restoring procedure described in paperkey is no more valid for the new GPG.

It may be good idea to mark this command for gnupg1 (1.4).  Then ed25519
may not need to be supported

Osamu

Bug#879512: paperkey: Unable to parse algorithm 22 (ed25519)

2017-10-22 Thread Peter Palfrader 
Hi David!

The following issue has been reported against the Debian package of
paperkey (1.3) at https://bugs.debian.org/879512 -- paperkey 1.4 is
also affected.

It seems paperkey is unable to deal with ed25519 keys:

| weasel@orinoco:~/gnupghome$ gpg --list-key
| /home/weasel/gnupghome/pubring.kbx
| --
| pub   ed25519 2017-10-22 [SC] [expires: 2019-10-22]
|   83EE1EE4EAA6BA37A4786292C66129D09E62C462
| uid   [ultimate] test1
| 
| pub   rsa2048 2017-10-22 [SC] [expires: 2019-10-22]
|   ABBC80F0A6340158E0E4559B42FA0478A3CC80F1
| uid   [ultimate] test2
| 
| weasel@orinoco:~/gnupghome$ gpg --export-secret-keys test1 | paperkey
| Unable to parse algorithm 22
| e1:weasel@orinoco:~/gnupghome$ 

With an ed25519 master key, no segfault happens.  With an rsa master and
an ed25519 subkey, I have observed segfaults, as also reported by Osamu
Aoki.

Cheers,

- Forwarded message from Osamu Aoki  -
} 
} Problem: paperkey causes "Segmentation fault" with ed25519 subkey.
} 
}  $ gpg --export-secret-key 1DD8D791 |paperkey >paper-secret-1DD8D791.txt
}  Unable to parse algorithm 22
}  Segmentation fault
} 
} (paperkey works fine with my old rsa1024 key w/o ed25519 subkey)
} 
} How to reproduce:
}  * Add a ed25519 subkey with "gpg --expert".
}  * Execute paperkey as above (1DD8D791 is my key) 
} 
} FYI:
}  $ gpg --list-keys 1DD8D791
}  pub   rsa4096 2010-09-23 [SC]
}3133724D6207881579E95D621E1356881DD8D791
}  uid   [ultimate] Osamu Aoki 
}  sub   rsa4096 2010-09-23 [E]
}  sub   ed25519 2017-10-17 [A]
}  $ gpg --edit-key 1DD8D791
}  gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc.
}  This is free software: you are free to change and redistribute it.
}  There is NO WARRANTY, to the extent permitted by law.
}  
}  Secret key is available.
}  
}  sec  rsa4096/1E1356881DD8D791
}   created: 2010-09-23  expires: never   usage: SC  
}   card-no: FFFE 67240842
}   trust: ultimate  validity: ultimate
}  ssb  rsa4096/A04CBCEEF08BEFAD
}   created: 2010-09-23  expires: never   usage: E   
}   card-no: FFFE 67240842
}  ssb  ed25519/56F8269DCA1C3AD3
}   created: 2017-10-17  expires: never   usage: A   
}   card-no: FFFE 67240842
}  [ultimate] (1). Osamu Aoki 
}  
}  gpg> q
} 
} Background:
}  At Debconf17 gNiibe-san tempted me to use "Modern GPG" and ...  I now
}  have a subkey using algorithm 22 (ed25519) and Gnuk.  That's why I have
}  card-no in the above example and ed25519.
} 
- End forwarded message -

-- 
|  .''`.   ** Debian **
  Peter Palfrader   | : :' :  The  universal
 https://www.palfrader.org/ | `. `'  Operating System
|   `-https://www.debian.org/