Issue with AGE verification of ssh keys with no passphrase

[matthewkeil]

I debugged the issue may people are having and have found an issue with AGE during the decryption. I updated the python to output some data to debug with (listed below) and have provided the output that resulted (below the python). I found my name and public key listed in the metadata.json and the script is correctly pulling the AGE ENCRYPTED FILE. The error that comes up is bcrypt_pbkdf: empty password which is correct because that particular key is not passphrase protected... Not sure how to proceed.

Thank you for your help in advance!!!

def decrypt_temp_eth_account(sshPubKey, sshPrivKey, username, metadata):
    if sshPubKey not in metadata.encryptedKeys[username]:
        error("Specified SSH key is not eligible for claiming. Only RSA and Ed25519 keys are supported for proof generation.")

    data = metadata.encryptedKeys[username][sshPubKey]

    print(data)

    result = subprocess.run(["age",
                             "--decrypt",
                             "--identity",
                             sshPrivKey],
                            capture_output=True,
                            input=data.encode(),
                            env=env)

    print(result)

    if result.returncode != 0:
        raise OSError(result.stderr)

❯ python3 python/proof.py

Welcome to the proof generation script for Fluence Developer Reward Airdrop.
5% of the FLT supply is allocated to ~110,000 developers who contributed into open source web3 repositories during last year.
Public keys of selected Github accounts were added into a smart contract on Ethereum. Claim your allocation and help us build the decentralized internet together!

Check if you are eligible and proceed with claiming

Enter your github username so we can check if you are participating in the airdrop:
matthewkeil

Ethereum wallet address is necessary to generate a proof that you will send through our web page.
Important notice: you need to make a claim transaction from the entered address!

Enter the ethereum address to which you plan to receive the airdrop:
**********************redacted************************

Your ssh keys in ~/.ssh:
**********************redacted************************

Now the script needs your ssh key to generate proof. Please, enter path for github SSH key:

-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEorNmx5QSBtL3Z1
bGV0N0d2WDVxNW02NjFFNVUwMzZvMkhYanpCNTRZRi9maC9vdEJjClYzVFIyamhp
V3Bacmtwc0pzRlR2OUdRTnFIdzcya0F6cWF2T3F3Q0FvYnMKLS0tIDlNK0EvcENi
UTErZGVnK2ZVcWo2eGVoZVh3QmhnNEZEbjAwT2lGRnRVRmMKCcaVcdZOHPOMQEkw
gc7ezWzm3kJgOw34ANkyatrs6X3ZsRVUIR7bBVwtSyjuBX+CBeItWQsM0z6s9woC
c6z4UobtXefGxnBUawrD1MGNixf4Iu74SYt97hs+64tHumoD2QU=
-----END AGE ENCRYPTED FILE-----

Enter passphrase for "**********************redacted************************": 

CompletedProcess(args=['age', '--decrypt', '--identity', '**********************redacted************************'], returncode=1, stdout=b'', stderr=b'age: error: failed to decrypt SSH key file: bcrypt_pbkdf: empty password\nage: report unexpected or unhelpful errors at https://filippo.io/age/report\n')
Traceback (most recent call last):
  File "*******/dev-rewards/python/proof.py", line 166, in <module>
    main()
  File "*******/dev-rewards/python/proof.py", line 151, in main
    tempETHAccount = decrypt_temp_eth_account(
                     ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "*******/dev-rewards/python/proof.py", line 122, in decrypt_temp_eth_account
    raise OSError(result.stderr)
OSError: b'age: error: failed to decrypt SSH key file: bcrypt_pbkdf: empty password\nage: report unexpected or unhelpful errors at https://filippo.io/age/report\n'

[matthewkeil]

Did a bit more debugging and this is the line that throws:

https://github.com/FiloSottile/age/blob/29b68c20fc241bf2e11bdd3e59b4368fe689e12a/agessh/encrypted_keys.go#L106

Will dig a bit more and update below

[matthewkeil]

Figure it out. That key infact had a passphrase....