Launchpad cannot handle ECC or Ed25519 OpenPGP keys

Bug #1827369 reported by dkg on 2019-05-02
58
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Undecided
Unassigned

Bug Description

for my dkg0 account, i'm trying to upload my current OpenPGP key, which is an ed25519 key:

pub ed25519 2019-01-19 [C] [expires: 2021-01-18]
      C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
uid [ultimate] Daniel Kahn Gillmor <email address hidden>
uid [ultimate] Daniel Kahn Gillmor <email address hidden>
sub ed25519 2019-01-19 [S] [expires: 2020-01-19]
sub ed25519 2019-01-19 [A] [expires: 2020-01-19]
sub cv25519 2019-01-19 [E] [expires: 2020-01-19]

when i try to do that i get the following error:

------------
 Launchpad could not import your OpenPGP key

    Did you enter your complete fingerprint correctly? (Help with fingerprints)
    Is your key in the Ubuntu keyserver yet? You may have to wait between ten minutes (if you pushed directly to the Ubuntu key server) and one hour (if you pushed your key to another server). (Help with publishing keys)
------------

however, the key is in the ubuntu keyserver: https://keyserver.ubuntu.com/pks/lookup?search=0xC4BC2DDB38CCE96485EBE9C2F20691179038E5C6&op=vindex

I notice that messages from launchpad related to other RSA keys include an OpenPGP Comment field that indicates that it is using GnuPG v1, which doesn't support elliptic curve keys at all. So it's possible that this is the problem. Launchpad should be using a modern version of GnuPG, though.

dkg (dkg0) wrote :

over on https://answers.launchpad.net/launchpad/+question/680583 @cjwatson wrote:

> This is indeed because we're using GnuPG v1. I tried to upgrade to a modern version a while ago but I
> ran into a huge slew of test failures, mainly because of the same sorts of things that Ian Jackson has
> been complaining about for some time (e.g. https://bugs.debian.org/840669). I would like to have
> another go at some point, but it may take a while.

Colin Watson (cjwatson) wrote :

To people who might be inclined to mark this as a duplicate: please note that this is not a duplicate of bug 907675. OpenPGP keys are not SSH keys, and the code involved in handling them is completely separate.

Haruka (mrx) wrote :

Hate to "bump" bugs, but it's been quite a while and it seems I still can't use EdDSA keys.

I've already revoked my old RSA key and creating another key just for ppa sounds ridiculous for me.

Any plan to revisit this soon?

Shaun Murphy (shoonmcgregor) wrote :

This issue is also impacting me.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.