trustcrypto/onlykey-agent

RSA derived key error

Closed this issue · 3 comments

The OnlyKey docs suggest that we should be able to generate derived RSA key pairs using the following command:

onlykey-agent user@host -e rsa

However, this results in the following error:

2021-04-23 14:46:42,891 INFO         identity #0: <ssh://user@host|rsa>                                                                   [__init__.py:287]
2021-04-23 14:46:43,042 INFO         Requesting public key from key slot =132                                                             [onlykey.py:111]
2021-04-23 14:46:43,043 INFO         Identity to hash =b'user@host'                                                                       [onlykey.py:125]
2021-04-23 14:46:43,043 INFO         Identity hash =5d488afdbb0ec4818ebc69aeedd5abfb3dde7dc322b6a63f6798a45f61808a76                      [onlykey.py:129]
2021-04-23 14:46:43,044 INFO         curve name= 'rsa'                                                                                    [onlykey.py:145]
2021-04-23 14:46:44,589 INFO         received= []                                                                                         [onlykey.py:190]
2021-04-23 14:46:44,589 INFO         0                                                                                                    [onlykey.py:191]
2021-04-23 14:46:44,590 INFO         disconnected from OnlyKey                                                                            [onlykey.py:94]
Traceback (most recent call last):
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey-agent", line 8, in <module>
    sys.exit(ssh_agent())
  File "<...>/opt/miniconda3/envs/onlykey/bin/onlykey_agent.py", line 5, in <lambda>
    ssh_agent = lambda: libagent.ssh.main(DeviceType)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 185, in wrapper
    return func(*args, **kwargs)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 323, in main
    for pk in conn.public_keys():
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/__init__.py", line 221, in public_keys
    self.public_keys_cache = conn.export_public_keys(self.identities)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/ssh/client.py", line 27, in export_public_keys
    pubkey = self.device.pubkey(identity=i)
  File "<...>/opt/miniconda3/envs/onlykey/lib/python3.8/site-packages/libagent/device/onlykey.py", line 205, in pubkey
    raise interface.DeviceError("Error response length is not a valid public key")
libagent.device.interface.DeviceError: Error response length is not a valid public key

The ed25519 key type works correctly.

Environment

  • macOS 11.2.3 (also tested on Ubuntu with same results)
  • Python 3.8.8 (miniconda)
  • OnlyKey firmware 2.1.0 STD

RSA keys are not supported as derived keys; that is for stored keys. It looks like we had that incorrectly listed in the docs. I have corrected that, thanks for pointing it out. You would use stored keys like this:

$ onlykey-agent user@host -e rsa -sk 2

Where -sk 2 is if your signing key is stored in RSA slot 2.

Thanks for the clarification.

One question: will the OnlyKey backup keep the stored keys and their passphrases? I mean, once I restore the backup, will I have to enter the passphrase again to use the stored key?

Keys are included in the encrypted backup. After restore, your key is ready to use; no need to re-enter the passphrase.