dlech / KeeAgent

ssh agent plugin for KeePass 2.x
http://lechnology.com/software/keeagent

Can't load ed25519 keys to pageant, with KeeAgent 0.13.1 and 0.13.2 #363

Closed topia closed 1 year ago

topia commented 1 year ago

I don't know how to debug this issue, but I can't load my ed25519 keys (I tried with two different keys) after upgrading to 0.13.1/0.13.2. I rolled it back to 0.12.1 and confirmed it works as expected.

Any idea how to debug this? I got the following message box for it, but no details are shown.

---------------------------
KeePass
---------------------------
KeeAgent: Error while loading key from entry 'main\ssh agent\ed25519-key'

Agent Failure

Possible causes:

- Key is already loaded in agent

- Agent is locked
---------------------------
OK
---------------------------

additional info: I'm using PuTTY pre-0.78 build, but I'm not sure if it's related or not.

dlech commented 1 year ago

Can you create a new key that reproduces the problem and attach it to this issue?

topia commented 1 year ago

test-ed25519-key.txt

I confirmed that this newly-created (with puttygen) ed25519 key can reproduce my problem.

xyrolaith commented 1 year ago

I got the same problem. My first guess was an issue with the special characters in the passphrase but if I export the key file to disk and load it manually everything works fine.

topia commented 1 year ago

@dlech, Can I help you to investigate this issue by adding other information? Or could you give me some pointers to start checking? I want to use the latest KeeAgent (at least) to make KeePass update checker happy.

dlech commented 1 year ago

I tried the test key provided, but it loads just fine on Windows in agent mode with the file attached to KeePass database entry. Are you using a different setup?

zantark commented 1 year ago

I encountered the same issue after an upgrade to the 13.1/13.2 versions.

My keys were correctly loaded before the upgrade of the plugin.

The only way I found to add the key is to load it from a file through the menu Tools > KeeAgent. I converted the keys to the PPK v3 format without success: still not loaded. I finally changed the passphrase on the keys and it worked. After multiple tries to eliminate each special character, I found that the "é" character in my passphrase caused this problem with the new version. It could be the case with all the characters from the extended ASCII character set.

topia commented 1 year ago

> I tried the test key provided, but it loads just fine on Windows in agent mode with the file attached to KeePass database entry. Are you using a different setup?

I'm sorry that I didn't respond for a long time. I don't know the difference between your setup and mine, so I wrote down my environment and the steps to reproduce.

  1. Install PuTTY 0.78 (stable) x64
  2. Run Pageant
  3. Create a portable KeePass environment with KeePass 2.52 (64-bit) and KeeAgent 0.13.2.
  4. Open the attached database (example-database.kdbx in example-database.zip) with the very weak master password `example-database`
  5. Right-click on test-ed25519 entry, follow KeeAgent and click on Load SSH Key
  6. Failed with the dialog in the description.

It seems like other people aren't affected by my issue, so I'm looking for another way to debug it.

dlech commented 1 year ago

Should be fixed in the latest builds (e.g. https://github.com/dlech/KeeAgent/suites/8813693594/artifacts/401080876) unless this issue is different from #370.

topia commented 1 year ago

@dlech, I think that your reply is for @zantark. For my problem, I reproduced it with an empty password, so it should be different from #370.

topia commented 1 year ago

I got the message blob from the older version (0.12.1) and the latest (0.13.2) with the Visual Studio debugger.

It seems truncated, but I don't know why.

topia commented 1 year ago

I dug into SshAgentLib/AgentClient.cs. On 0.12.1, it calls AddBlob with ed25519PrivateKeyParameters.Signature, which has 0x40 bytes (signature). On 0.13.2, it calls AddBlob with ed25519PrivateKeyParameters.GetEncoded(), which seems to be 0x20 bytes (key). https://github.com/bcgit/bc-csharp/blob/d775804e67e0c59956541cea55a159a4fe544c85/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs#L17 / https://github.com/bcgit/bc-csharp/blob/d775804e67e0c59956541cea55a159a4fe544c85/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs#L70

But I'm very confused that it works on your side.

topia commented 1 year ago

In the Go implementation, the ed25519 private key is 0x40 bytes and is constructed by concatenating the private part and the public part. https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/crypto/ed25519/ed25519.go;l=137-138
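The wire layout the two comments above are circling is the ssh-ed25519 form of SSH_AGENTC_ADD_IDENTITY: the key type string, the 32-byte public key, then a 64-byte private blob that is the 32-byte seed followed by the same 32-byte public key, then the comment. The following is an added example, not KeeAgent or SshAgentLib code. It is written in Go because that is the reference cited above; Go's ed25519.PrivateKey is already the 64-byte seed||pub value, so it can be sent as-is. The function names, the fixed test seed and the "strict agent" parser are all assumptions made for the demonstration: it builds both the correct 64-byte message and the 32-byte one that 0.13.1/0.13.2 sent, and shows that an agent which checks lengths rejects the latter.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// SSH_AGENTC_ADD_IDENTITY message number (draft-miller-ssh-agent).
const agentcAddIdentity byte = 17

// Constructed, deterministic seed for the example only; never use a key derived like this.
var exampleSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)

// putString appends an SSH wire "string": uint32 big-endian length, then the bytes.
func putString(b, s []byte) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(s)))
	return append(append(b, n[:]...), s...)
}

// getString consumes one SSH wire string from b and returns it with the remainder.
func getString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 {
		return nil, nil, errors.New("short length field")
	}
	n := binary.BigEndian.Uint32(b)
	if uint64(len(b)-4) < uint64(n) {
		return nil, nil, errors.New("string length exceeds message")
	}
	return b[4 : 4+n], b[4+n:], nil
}

// addIdentityPayload builds the body of SSH_AGENTC_ADD_IDENTITY for ssh-ed25519.
// privBlob is whatever the client puts in the private-key field.
func addIdentityPayload(pub ed25519.PublicKey, privBlob []byte, comment string) []byte {
	msg := []byte{agentcAddIdentity}
	msg = putString(msg, []byte("ssh-ed25519"))
	msg = putString(msg, pub)
	msg = putString(msg, privBlob)
	return putString(msg, []byte(comment))
}

// CorrectAddIdentity sends the 64-byte private key, which Go stores as seed||pub.
func CorrectAddIdentity(priv ed25519.PrivateKey, comment string) []byte {
	return addIdentityPayload(priv.Public().(ed25519.PublicKey), priv, comment)
}

// BuggyAddIdentity reproduces the 0.13.1/0.13.2 behaviour: only the 32-byte seed is sent.
func BuggyAddIdentity(priv ed25519.PrivateKey, comment string) []byte {
	return addIdentityPayload(priv.Public().(ed25519.PublicKey), priv.Seed(), comment)
}

// ParseAddIdentity validates the message the way a strict agent would and returns
// the loaded key and its comment, or an error naming the field that is wrong.
func ParseAddIdentity(msg []byte) (ed25519.PrivateKey, string, error) {
	if len(msg) == 0 || msg[0] != agentcAddIdentity {
		return nil, "", errors.New("not SSH_AGENTC_ADD_IDENTITY")
	}
	keyType, rest, err := getString(msg[1:])
	if err != nil || string(keyType) != "ssh-ed25519" {
		return nil, "", errors.New("unsupported key type")
	}
	pub, rest, err := getString(rest)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return nil, "", errors.New("bad public key field")
	}
	privBlob, rest, err := getString(rest)
	if err != nil {
		return nil, "", err
	}
	// This is the check a 32-byte seed-only blob fails.
	if len(privBlob) != ed25519.PrivateKeySize {
		return nil, "", fmt.Errorf("private blob is %d bytes, want %d (seed||pub)", len(privBlob), ed25519.PrivateKeySize)
	}
	// The trailing 32 bytes of the private blob must be the public key already seen.
	if !bytes.Equal(privBlob[ed25519.SeedSize:], pub) {
		return nil, "", errors.New("public half of private blob does not match public key field")
	}
	comment, rest, err := getString(rest)
	if err != nil || len(rest) != 0 {
		return nil, "", errors.New("bad comment or trailing bytes")
	}
	return ed25519.PrivateKey(privBlob), string(comment), nil
}

func main() {
	priv := ed25519.NewKeyFromSeed(exampleSeed)
	key, comment, err := ParseAddIdentity(CorrectAddIdentity(priv, "test-ed25519"))
	if err == nil {
		sig := ed25519.Sign(key, []byte("hello"))
		ok := ed25519.Verify(key.Public().(ed25519.PublicKey), []byte("hello"), sig)
		fmt.Printf("64-byte blob loaded as %q, signature verifies: %v\n", comment, ok)
	}
	_, _, err = ParseAddIdentity(BuggyAddIdentity(priv, "test-ed25519"))
	fmt.Println("32-byte blob rejected:", err)
}
```

Pageant's "Agent Failure" carries no detail, which is why the bug only showed up in a debugger; the parser above errors out at the exact field an agent objects to, which is the kind of check worth having on the client side before the message is sent.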

topia commented 1 year ago

I tried sending the full private key, and I confirmed I could load my test key into Pageant.

                 case PublicKeyAlgorithm.SshEd25519:
                     var ed25519PublicKeyParameters =
                         key.GetPublicKeyParameters() as Ed25519PublicKeyParameters;
                     var ed25519PrivateKeyParameters =
                         key.GetPrivateKeyParameters() as Ed25519PrivateKeyParameters;
                     builder.AddBlob(ed25519PublicKeyParameters.GetEncoded());
-                    builder.AddBlob(ed25519PrivateKeyParameters.GetEncoded());
+                    var b = new byte[0x40];
+                    Array.Copy(ed25519PrivateKeyParameters.GetEncoded(), b, 0x20);
+                    Array.Copy(ed25519PublicKeyParameters.GetEncoded(), 0, b, 0x20, 0x20);
+                    builder.AddBlob(b);
                     break;
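Review bot: the three added lines hard-code 0x40 and 0x20 and take the public half from the separately obtained ed25519PublicKeyParameters, so nothing ties the two halves of the blob to the same key. Prefer the library's own sizes (Ed25519PrivateKeyParameters.KeySize, Ed25519PublicKeyParameters.KeySize) and derive the second half from the private key itself, e.g. `Array.Copy(ed25519PrivateKeyParameters.GeneratePublicKey().GetEncoded(), 0, b, Ed25519PrivateKeyParameters.KeySize, Ed25519PublicKeyParameters.KeySize);` so the 64-byte field is guaranteed to be seed||pub for the key being added. Also worth a comment on the `var b` line saying why the blob is seed followed by public key, since the removed line shows that the 32-byte encoding looked correct until Pageant rejected it.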
dlech commented 1 year ago

You did not mention that you are running in Client Mode and I forgot to ask and assumed Agent Mode, so that is probably the difference. Nice work on finding the problem.

topia commented 1 year ago

@dlech Thank you for fixing it! I'm sorry, I assumed that I had mentioned that with the "to pageant" part of the subject, because I was sure it was the PuTTY agent, an external program. Thank you for the clarification!