[BUG] git authentication with secondary openkeychain key is never tried
Closed this issue · 4 comments
Describe the bug
(Following up #482 (comment))
Having my primary key + authentication subkey A on a smart card and another authentication subkey B (generated by the same primary key) stored on my device causes an issue where only subkey A is attempted while subkey B never gets tried, unless subkey A is removed.
I believe that the issue may have to do with the fact that the prompt allows the user to select only a default key instead of a specific authentication key.
To Reproduce
Steps to reproduce the behavior:
- Have OpenKeychain containing primary key + auth subkey A on a YubiKey and private auth subkey B stored on the device
- Starting from a fresh PasswordStore installation, add new repo details
- A prompt for selecting the authentication key is displayed (notice that it only shows 1 checkbox instead of 2 related to subkey A and subkey B)
- Select the available key
- Password Store asks to scan the YubiKey for authentication instead of using subkey B, which is on the device
Expected behavior
I would expect that subkey B is used for SSH authentication.
Device information (please complete the following information):
- Device: Samsung Galaxy S10e
- OS: stock ROM Android version 10
- App version 1.13.1
I think that OpenKeychain only allows us to specify a primary key via its crypto operation API. Therefore, the choice of the subkey is entirely up to OpenKeychain. @msfjarvis Should we label this as blocked?
Yeah, if we can't select the subkey on our end then it's effectively blocked. @zanona can you file a parallel issue for this over at https://github.com/open-keychain/open-keychain please?
@msfjarvis done! Although, I'd also be leaning towards #1195.
I'm cleaning up old issues; since this is completely unactionable on our side, I'm closing this. If OpenKeychain ever provides this functionality, please open a new issue.