eclipse-jgit / jgit

JGit, the Java implementation of git

Home Page: https://www.eclipse.org/jgit/

BouncyCastleGpgKeyLocator fails with ed25519 PGP keys

cstamas opened this issue

Version

6.8.0.202311291450-r

Operating System

Linux/Unix

Bug description

When .gnupg/private-keys-v1.d contains an ed25519 key, the class BouncyCastleGpgKeyLocator fails; the error occurs here:
https://github.com/eclipse-jgit/jgit/blob/master/org.eclipse.jgit.gpg.bc/src/org/eclipse/jgit/gpg/bc/internal/keys/SecretKeys.java#L134

The cause is most probably
bcgit/bc-java#1590

Actual behavior

Currently new PGPException("no q value found") is hit and the operation fails.

Expected behavior

To have the ed25519 key loaded up.

Relevant log output

Caused by: org.bouncycastle.openpgp.PGPException: no q value found
    at org.eclipse.jgit.gpg.bc.internal.keys.SExprParser.parseSecretKey (SExprParser.java:134)
    at org.eclipse.jgit.gpg.bc.internal.keys.SecretKeys.readSecretKey (SecretKeys.java:152)

Other information

No response

Thanks for this bug report. Gerrit change 1184466 fixes this. Note that it is not sufficient to parse the "flags" sub-list; later on the code checks the OIDs and needs to be made aware of the OID for ed25519. It appears to be unknown to Bouncy Castle.

Gerrit change 1184466 is merged.

For the next EGit release we can consider bumping the minimum version of BC required to 1.78, and then we can maybe remove this copy of the SExprParser. BC 1.78 is supposed to have an upstream fix for this (and for AES/OCB encrypted keys). I don't want to do this in this release; I first want to have an Eclipse release that includes BC 1.78 by default because of the bundle symbolic name changes in BC.
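The "flags" sub-list mentioned in the reply above, shown as an added example that is not JGit or Bouncy Castle code: a minimal canonical S-expression reader run over a constructed ed25519-style key. The class name, the sample key (with placeholder q and d values) and the idea that the failing lookup expected q directly after curve are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

final class SExprFlagsDemo {
    private final byte[] in;
    private int pos;

    SExprFlagsDemo(byte[] in) { this.in = in; }

    // Canonical S-expression: '(' items ')'; an atom is <decimal length> ':' <bytes>.
    Object parse() {
        if (in[pos] == '(') {
            pos++;
            List<Object> list = new ArrayList<>();
            while (in[pos] != ')') list.add(parse());
            pos++; // consume ')'
            return list;
        }
        int len = 0;
        while (in[pos] != ':') len = len * 10 + (in[pos++] - '0');
        pos++; // consume ':'
        // ISO-8859-1 maps bytes 1:1, so binary atoms survive the round trip.
        String atom = new String(in, pos, len, StandardCharsets.ISO_8859_1);
        pos += len;
        return atom;
    }

    // Return the sub-list whose first atom equals name, wherever it sits in list.
    static List<?> find(List<?> list, String name) {
        for (Object o : list) {
            if (o instanceof List && !((List<?>) o).isEmpty()
                    && name.equals(((List<?>) o).get(0))) return (List<?>) o;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: q and d are placeholders, not key material.
        String key = "(11:private-key(3:ecc(5:curve7:Ed25519)"
                + "(5:flags5:eddsa)(1:q4:QQQQ)(1:d4:DDDD)))";
        List<?> top = (List<?>) new SExprFlagsDemo(key.getBytes(StandardCharsets.ISO_8859_1)).parse();
        List<?> ecc = find(top, "ecc");
        // Positional assumption: the entry after (curve ...) is (q ...).
        System.out.println("after curve: " + ((List<?>) ecc.get(2)).get(0));
        // Lookup by name is unaffected by the extra (flags ...) entry.
        System.out.println("q by name:   " + find(ecc, "q"));
        System.out.println("flags:       " + find(ecc, "flags"));
    }
}
```

The OID check mentioned in the same reply is a separate step and is not covered here.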