Decrypt not working with my setup
orolhawion opened this issue
Environment
- OS: MacOS 11 (Big Sur)
- age version: 1.0.0.rc1
What were you trying to do
I tried to decrypt a previously encrypted txt file.
What happened
An error was displayed: Error: no identity matched any of the recipients
More Details
I might explain my setup which may be the issue itself:
For encryption I derived the ssh public key from my pgp key (RSA4096) which is located on my YubiKey 5, hence I do not have a private key file on the file system as the doc suggests.
I read that ssh-agent is not supported, however I am running gpg-agent, which also may not be supported. I just thought I would have a use case here.
Could be related to #137
$ age -R ~/.ssh/id_rsa.pub plain.txt > plain.txt.age
$ cat plain.txt.age
age-encryption.org/v1
-> ssh-rsa 7nXROQ
[...]
--- Nsc+ERH0H8DWzgNYMCxRdndI1KBX9+sFMsRUO7JKEB4
σ????
V??v\?'A??ۡ>Iv??? ?%
$ age -d plain.txt.age > plain.txt.age.decrypted
Error: no identity matched any of the recipients
[ Did age not do what you expected? Could an error be more useful? Tell us: https://filippo.io/age/report ]
> For encryption I derived the ssh public key from my pgp key (RSA4096) which is located on my YubiKey 5, hence I do not have a private key file on the file system as the doc suggests.
Yeah unfortunately SSH keys are only supported when available as a file. It's technically impossible to support them through the standard ssh-agent protocol. It might technically be possible to bypass the ssh-agent and use gpg-agent to do a decryption with the authentication key, if the OpenPGP applet allows that. However, we'd rather make the YubiKey plugin work very well and recommend using that rather than SSH keys for YubiKey compatibility.
> Yeah unfortunately SSH keys are only supported when available as a file. It's technically impossible to support them through the standard ssh-agent protocol. It might technically be possible to bypass the ssh-agent and use gpg-agent to do a decryption with the authentication key, if the OpenPGP applet allows that. However, we'd rather make the YubiKey plugin work very well and recommend using that rather than SSH keys for YubiKey compatibility.
Is the yubikey plugin working and ready to use? Or is that still in development?
> However, we'd rather make the YubiKey plugin work very well and recommend using that rather than SSH keys for YubiKey compatibility.
@FiloSottile does this imply the YubiKey plugin will require a hardware key?
i.e. no keychain / other agent based support is planned for password protected, digital keys?
This is the only usability feature that's stopping me from completely moving away from gpg.
Not as part of the YubiKey plugin, but we are thinking about encrypted keys and agents plugins. The plugin protocol is designed specifically with that in mind.
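Added example, not part of the thread and not age's own code: the `-> ssh-rsa 7nXROQ` line in the header quoted in the report is a recipient stanza whose tag is the unpadded base64 of the first 4 bytes of SHA-256 over the SSH wire-format public key, so one can check from the `.pub` file alone whether a file was encrypted to a given key. The function names and the sample key blob and header are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// StanzaFor returns the start of the recipient line age writes for an SSH public
// key: "-> <type> <tag>", tag = unpadded base64 of SHA-256(wire-format key)[:4].
func StanzaFor(pubKeyLine string) (string, error) {
	f := strings.Fields(pubKeyLine) // "<type> <base64 blob> [comment]"
	if len(f) < 2 || (f[0] != "ssh-rsa" && f[0] != "ssh-ed25519") {
		return "", errors.New("want an ssh-rsa or ssh-ed25519 public key line")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(blob)
	return "-> " + f[0] + " " + base64.RawStdEncoding.EncodeToString(sum[:4]), nil
}

// EncryptedTo reports whether an age v1 header names pubKeyLine as a recipient.
func EncryptedTo(header, pubKeyLine string) (bool, error) {
	want, err := StanzaFor(pubKeyLine)
	if err != nil {
		return false, err
	}
	lines := strings.Split(header, "\n")
	if lines[0] != "age-encryption.org/v1" {
		return false, errors.New("not an age v1 file")
	}
	for _, l := range lines[1:] {
		match := strings.HasPrefix(l+" ", want+" ") // ssh-ed25519 lines carry one more argument
		if match || strings.HasPrefix(l, "---") {   // "---" (header MAC) ends the header
			return match, nil
		}
	}
	return false, errors.New("header MAC line not found")
}

func main() {
	// Constructed input: the blob is not a real key; the header is built to match it.
	key := "ssh-rsa " + base64.StdEncoding.EncodeToString([]byte("constructed")) + " demo"
	want, _ := StanzaFor(key)
	fmt.Println(EncryptedTo("age-encryption.org/v1\n"+want+"\nQUJD\n--- Q09OU1RSVUNURUQ\n", key))
}
```

A match only confirms which public key the file was encrypted to; as the reply above says, decryption still needs the corresponding private key available as a file.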