Unable to use security key to commit signing using SSH keypair

Unable to use security key to commit signing using SSH keypair

[Marcos Alano]

Hello fellows!

I'm able to sign commits using SSH keypair, but the keypair must be 
located in a file. If I try to use a SSH keypair in a security key (like 
an YubiKey) I get an error. I used this commands to do the test:
```
ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519_sk
git config --global gpg.format ssh
git config --global user.signingkey "$(cat ~/.ssh/id_ed25519_sk.pub)"
git commit -S --allow-empty --message="Testing"
```

Bnd I get this error:
```
error: Couldn't load public key sk-ssh-ed25519@openssh.com <my key id>: 
No such file or directory?

fatal: failed to write commit object
```
I did the same thing with a plain ed25519 keypair and worked.

Am I doing anything wrong or security keys aren't supported yet?

Thank you for any help,
-- 
Marcos Alano

Re: Unable to use security key to commit signing using SSH keypair

[Fabian Stelzer]

On 27.06.2022 21:09, Marcos Alano wrote:
>Hello fellows!
>
>I'm able to sign commits using SSH keypair, but the keypair must be 
>located in a file. If I try to use a SSH keypair in a security key 
>(like an YubiKey) I get an error. I used this commands to do the test:
>```
>ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519_sk
>git config --global gpg.format ssh
>git config --global user.signingkey "$(cat ~/.ssh/id_ed25519_sk.pub)"

Did you try just putting the public keys path into user.signingkey?
Literal keys would need to be prefixed with `key::`

git config --global user.signingkey ~/.ssh/id_ed25519_sk.pub
should be just fine.

Also, the private key needs to be available in your ssh agent. If in doubt 
you can check with a `ssh-add -L`.

>git commit -S --allow-empty --message="Testing"
>```
>
>Bnd I get this error:
>```
>error: Couldn't load public key sk-ssh-ed25519@openssh.com <my key 
>id>: No such file or directory?
>
>fatal: failed to write commit object
>```
>I did the same thing with a plain ed25519 keypair and worked.
>
>Am I doing anything wrong or security keys aren't supported yet?
>
>Thank you for any help,
>-- 
>Marcos Alano

Re: Unable to use security key to commit signing using SSH keypair

[Marcos Alano]

On 28/06/2022 13:23, Fabian Stelzer wrote:
> On 27.06.2022 21:09, Marcos Alano wrote:
>> Hello fellows!
>>
>> I'm able to sign commits using SSH keypair, but the keypair must be 
>> located in a file. If I try to use a SSH keypair in a security key 
>> (like an YubiKey) I get an error. I used this commands to do the test:
>> ```
>> ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519_sk
>> git config --global gpg.format ssh
>> git config --global user.signingkey "$(cat ~/.ssh/id_ed25519_sk.pub)"
> 
> Did you try just putting the public keys path into user.signingkey?
> Literal keys would need to be prefixed with `key::`
> 
Thank you, worked like a charm. Every documentation I read told me to 
use the plain public key, without the path or the prefix you indicated. 
And worked well with a regular keypair.

Using the path and prefixing the public key worked.

You have my gratitude. :)

Stay well,
> git config --global user.signingkey ~/.ssh/id_ed25519_sk.pub
> should be just fine.
> 
> Also, the private key needs to be available in your ssh agent. If in 
> doubt you can check with a `ssh-add -L`.
> 
>> git commit -S --allow-empty --message="Testing"
>> ```
>>
>> Bnd I get this error:
>> ```
>> error: Couldn't load public key sk-ssh-ed25519@openssh.com <my key 
>> id>: No such file or directory?
>>
>> fatal: failed to write commit object
>> ```
>> I did the same thing with a plain ed25519 keypair and worked.
>>
>> Am I doing anything wrong or security keys aren't supported yet?
>>
>> Thank you for any help,
>> -- 
>> Marcos Alano

-- 
Marcos Alano