eclipse-jgit / jgit

JGit, the Java implementation of git
https://www.eclipse.org/jgit/

BouncyCastleGpgKeyLocator fails with ed25519 PGP keys #27

Closed cstamas closed 3 months ago

cstamas commented 4 months ago

Version

6.8.0.202311291450-r

Operating System

Linux/Unix

Bug description

When .gnupg/private-keys-v1.d contains an ed25519 key, the class BouncyCastleGpgKeyLocator fails; the error occurs here: https://github.com/eclipse-jgit/jgit/blob/master/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java#L134

Cause is most probably https://github.com/bcgit/bc-java/issues/1590

Actual behavior

Currently new PGPException("no q value found") is hit and the operation fails.

Expected behavior

To have the ed25519 key loaded up.

Relevant log output

Caused by: org.bouncycastle.openpgp.PGPException: no q value found
    at org.eclipse.jgit.gpg.bc.internal.keys.SExprParser.parseSecretKey (SExprParser.java:134)
    at org.eclipse.jgit.gpg.bc.internal.keys.SecretKeys.readSecretKey (SecretKeys.java:152)

Other information

No response

tomaswolf commented 4 months ago

Thanks for this bug report. Gerrit change 1184466 fixes this. Note that it is not sufficient to parse the "flags" sub-list; later on the code checks the OIDs and needs to be made aware of the OID for ed25519. It appears to be unknown to Bouncy Castle.
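
An added illustration of the "flags" sub-list mentioned above (not part of the thread, and not JGit or Bouncy Castle code): a minimal canonical S-expression reader that looks up `q` by tag name, so an extra `(flags eddsa)` entry between `curve` and `q` does not hide it. The class name `SexprFieldLookup` is hypothetical, the key layout `(private-key (ecc (curve Ed25519) (flags eddsa) (q ...) (d ...)))` is an assumption about the unprotected gpg-agent key format, and the sample bytes are constructed placeholders; the OID check and protected keys are not covered.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SexprFieldLookup {
    private final byte[] in;
    private int pos;

    SexprFieldLookup(byte[] in) { this.in = in; }

    // Parse one canonical S-expression item: a list "(...)" or an atom "<len>:<bytes>".
    Object parse() {
        if (pos >= in.length) throw new IllegalArgumentException("truncated input");
        if (in[pos] == '(') {
            pos++;
            List<Object> list = new ArrayList<>();
            while (pos < in.length && in[pos] != ')') list.add(parse());
            if (pos >= in.length) throw new IllegalArgumentException("unterminated list");
            pos++; // consume ')'
            return list;
        }
        int len = 0, start = pos;
        while (pos < in.length && in[pos] >= '0' && in[pos] <= '9' && len <= in.length)
            len = len * 10 + (in[pos++] - '0');
        if (pos == start || pos >= in.length || in[pos] != ':' || len > in.length - pos - 1)
            throw new IllegalArgumentException("bad atom at offset " + start);
        pos += 1 + len; // skip ':' and the atom's bytes
        return Arrays.copyOfRange(in, pos - len, pos);
    }

    // Find sub-list "(name value ...)" by its tag, wherever it sits in the parent list.
    static byte[] field(List<?> parent, String name) {
        for (Object o : parent) {
            if (!(o instanceof List) || ((List<?>) o).size() < 2) continue;
            List<?> sub = (List<?>) o;
            if (sub.get(0) instanceof byte[] && sub.get(1) instanceof byte[]
                    && name.equals(new String((byte[]) sub.get(0), StandardCharsets.US_ASCII)))
                return (byte[]) sub.get(1);
        }
        return null; // caller decides how to report a missing field
    }

    public static void main(String[] args) {
        // Constructed sample with placeholder key bytes only ('@' is 0x40, then 32 zero bytes for q).
        String s = "(11:private-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q33:@"
                + "\0".repeat(32) + ")(1:d32:" + "\1".repeat(32) + ")))";
        List<?> top = (List<?>) new SexprFieldLookup(s.getBytes(StandardCharsets.ISO_8859_1)).parse();
        List<?> ecc = (List<?>) top.get(1);
        byte[] q = field(ecc, "q");
        System.out.println("curve = " + new String(field(ecc, "curve"), StandardCharsets.US_ASCII));
        System.out.println("flags = " + new String(field(ecc, "flags"), StandardCharsets.US_ASCII));
        System.out.println("q length = " + (q == null ? "missing" : q.length));
    }
}
```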

tomaswolf commented 3 months ago

Gerrit change 1184466 is merged.

For the next EGit release we can consider bumping the minimum version of BC required to 1.78, and then we can maybe remove this copy of the SExprParser. BC 1.78 is supposed to have an upstream fix for this (and for AES/OCB encrypted keys). I don't want to do this in this release; I first want to have an Eclipse release that includes BC 1.78 by default because of the bundle symbolic name changes in BC.