RSA derived key error
OnlyKey docs suggest that we should be able to generate derived RSA key pairs using the following command:
onlykey-agent user@host -e rsa
However, this results in the following error:
2021-04-23 14:46:42,891 INFO identity #0: <ssh://user@host|rsa> [__init__.py:287]
2021-04-23 14:46:43,042 INFO Requesting public key from key slot =132 [onlykey.py:111]
2021-04-23 14:46:43,043 INFO Identity to hash =b'user@host' [onlykey.py:125]
2021-04-23 14:46:43,043 INFO Identity hash =5d488afdbb0ec4818ebc69aeedd5abfb3dde7dc322b6a63f6798a45f61808a76 [onlykey.py:129]
2021-04-23 14:46:43,044 INFO curve name= 'rsa' [onlykey.py:145]
2021-04-23 14:46:44,589 INFO received= [] [onlykey.py:190]
2021-04-23 14:46:44,589 INFO 0 [onlykey.py:191]
2021-04-23 14:46:44,590 INFO disconnected from OnlyKey [onlykey.py:94]
Traceback (most recent call last):
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey-agent", line 8, in <module>
    sys.exit(ssh_agent())
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey_agent.py", line 5, in <lambda>
    ssh_agent = lambda: libagent.ssh.main(DeviceType)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 185, in wrapper
    return func(*args, **kwargs)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 323, in main
    for pk in conn.public_keys():
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 221, in public_keys
    self.public_keys_cache = conn.export_public_keys(self.identities)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/client.py", line 27, in export_public_keys
    pubkey = self.device.pubkey(identity=i)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/device/onlykey.py", line 205, in pubkey
    raise interface.DeviceError("Error response length is not a valid public key")
libagent.device.interface.DeviceError: Error response length is not a valid public key
The ed25519 key type works correctly.
Environment
- macOS 11.2.3 (also tested on Ubuntu with same results)
- Python 3.8.8 (miniconda)
- OnlyKey firmware 2.1.0 STD
RSA keys are not supported as derived keys; that is for stored keys. It looks like we had that incorrectly listed in the docs. I have corrected that, thanks for pointing it out. You would use stored keys like this:
$ onlykey-agent user@host -e rsa -sk 2
Where -sk 2 is if your signing key is stored in RSA slot 2.
Thanks for the clarification.
One question: will the OnlyKey backup keep the stored keys and their passphrases? I mean, once I restore the backup, will I have to enter the passphrase again to use the stored key?
Keys are included in the encrypted backup; after restore your key is ready to use, no need to re-enter passphrase.