Can't load ed25519 keys to pageant, with KeeAgent 0.13.1 and 0.13.2 #363

Closed
topia opened this issue Sep 29, 2022 · 15 comments

@topia

topia commented Sep 29, 2022

I don't know how to debug this issue, but I can't load my ed25519 keys (I tried with two different keys) after upgrading to 0.13.1/0.13.2.
I rolled it back to 0.12.1, and I confirmed it works as expected.

Any idea how to debug this? I got the following message box for it, but no details were found.

---------------------------
KeePass
---------------------------
KeeAgent: Error while loading key from entry 'main\ssh agent\ed25519-key'

Agent Failure

Possible causes:
- Key is already loaded in agent
- Agent is locked
---------------------------
OK   
---------------------------

Additional info: I'm using a PuTTY pre-0.78 build, but I'm not sure whether it's related or not.

@dlech
Owner

dlech commented Sep 29, 2022

Can you create a new key that reproduces the problem and attach it to this issue?

@topia
Author

topia commented Sep 30, 2022

test-ed25519-key.txt
I confirmed that this newly-created (with puttygen) ed25519 key can reproduce my problem.

@xyrolaith

I got the same problem.
My first guess was an issue with the special characters in the passphrase, but if I export the key file to disk and load it manually, everything works fine.

@topia
Author

topia commented Oct 9, 2022

@dlech, can I help you investigate this issue by adding other information? Or could you give me some pointers to start checking?
I want to use the latest KeeAgent (at least) to make the KeePass update checker happy.

@dlech
Owner

dlech commented Oct 16, 2022

I tried the test key provided, but it loads just fine on Windows in agent mode with the file attached to KeePass database entry. Are you using a different setup?

@zantark

zantark commented Nov 3, 2022

I encountered the same issue after an upgrade to the 13.1/13.2 versions.

My keys were correctly loaded before the upgrade of the plugin.

The only way I found to add the key is to load it from a file through the menu Tools>KeeAgent.
I converted the keys to the PPK v3 format without success: still not loaded.
I finally changed the passphrase on the keys and it worked.
After multiple tries to eliminate each special character, I found that the "é" character in my passphrase caused this problem with the new version.
It could be the case with all the characters from the extended ASCII character set.

@topia
Author

topia commented Nov 3, 2022

> I tried the test key provided, but it loads just fine on Windows in agent mode with the file attached to KeePass database entry. Are you using a different setup?

I'm sorry that I didn't respond for a long time.
I can't tell the difference between your setup and mine, so I wrote down my environment and the steps to reproduce.

  1. Install PuTTY 0.78 (stable) x64
  2. Run Pageant
  3. Create a portable KeePass environment with KeePass 2.52 (64-bit) and KeeAgent 0.13.2.
  4. Open the attached database (example-database.kdbx in example-database.zip) with the very weak master password (example-database)
  5. Right-click on test-ed25519 entry, follow KeeAgent and click on Load SSH Key
  6. Failed with the dialog in the description.

It seems like other people aren't affected by my issue, so I'm looking for another way to debug this issue.

@dlech
Owner

dlech commented Nov 3, 2022

Should be fixed in the latest builds (e.g. https://github.com/dlech/KeeAgent/suites/8813693594/artifacts/401080876) unless this issue is different from #370.

@topia
Author

topia commented Nov 3, 2022

@dlech, I think that your reply is for @zantark.
For my problem, I reproduced it with an empty password, so it should be different from #370.

@topia
Author

topia commented Nov 3, 2022

I got the message blobs from the older (0.12.1) and the latest (0.13.2) versions using the Visual Studio debugger.

  • hexdump (0.12.1)
00: 00 00 00 8e 11 00 00 00 0b 73 73 68 2d 65 64 32  .........ssh-ed2
10: 35 35 31 39 00 00 00 20 42 0d 4f d7 37 2e 6c ac  5519... B.O.7.l.
20: 09 77 3e df 99 59 4f 1f d9 43 6d d6 48 70 b2 e2  .w>..YO..Cm.Hp..
30: ad ac 63 21 54 5a e7 3a 00 00 00 40 74 ac 57 62  ..c!TZ.:...@t.Wb
40: e2 76 13 1c d8 05 54 67 67 01 57 f5 25 30 4c ac  .v....Tgg.W.%0L.
50: 66 13 a4 07 e6 b2 44 0e 3e 2d d6 58 42 0d 4f d7  f.....D.>-.XB.O.
60: 37 2e 6c ac 09 77 3e df 99 59 4f 1f d9 43 6d d6  7.l..w>..YO..Cm.
70: 48 70 b2 e2 ad ac 63 21 54 5a e7 3a 00 00 00 12  Hp....c!TZ.:....
80: 65 64 64 73 61 2d 6b 65 79 2d 32 30 32 32 30 39  eddsa-key-202209
90: 33 30                                            30
  • hexdump (0.13.2)
00: 00 00 00 5c 11 00 00 00 0b 73 73 68 2d 65 64 32  ...\.....ssh-ed2
10: 35 35 31 39 00 00 00 20 42 0d 4f d7 37 2e 6c ac  5519... B.O.7.l.
20: 09 77 3e df 99 59 4f 1f d9 43 6d d6 48 70 b2 e2  .w>..YO..Cm.Hp..
30: ad ac 63 21 54 5a e7 3a 00 00 00 20 74 ac 57 62  ..c!TZ.:... t.Wb
40: e2 76 13 1c d8 05 54 67 67 01 57 f5 25 30 4c ac  .v....Tgg.W.%0L.
50: 66 13 a4 07 e6 b2 44 0e 3e 2d d6 58 00 00 00 00  f.....D.>-.X....

It seems truncated, but I don't know why.

@topia
Author

topia commented Nov 3, 2022

I dug into SshAgentLib/AgentClient.cs.
On 0.12.1, it calls AddBlob with ed25519PrivateKeyParameters.Signature, which has 0x40 bytes (signature).
On 0.13.2, it calls AddBlob with ed25519PrivateKeyParameters.GetEncoded(), which seems to be 0x20 bytes (key). https://github.com/bcgit/bc-csharp/blob/d775804e67e0c59956541cea55a159a4fe544c85/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs#L17 / https://github.com/bcgit/bc-csharp/blob/d775804e67e0c59956541cea55a159a4fe544c85/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs#L70

But I'm very confused that it works on your side.

@topia
Author

topia commented Nov 3, 2022

In the golang implementation, the ed25519 private key should be 0x40 bytes and it is constructed by concatenating the private part and the public part.
https://cs.opensource.google/go/go/+/refs/tags/go1.19.2:src/crypto/ed25519/ed25519.go;l=137-138
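
The two dumps above differ in the third string of the agent's add-identity message: 0x40 bytes (private part followed by public part) in 0.12.1 and 0x20 bytes in 0.13.2. The following check is an added example, not code from this thread or from KeeAgent; it parses that message layout and flags the short blob. It uses constructed placeholder bytes instead of the posted key, and all function names are hypothetical.

```python
import struct

SSH_AGENTC_ADD_IDENTITY = 17  # 0x11, the type byte at offset 4 in both dumps

def ssh_string(value: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(value)) + value

def build_add_identity(public: bytes, private_blob: bytes, comment: bytes) -> bytes:
    body = bytes([SSH_AGENTC_ADD_IDENTITY]) + b"".join(
        ssh_string(f) for f in (b"ssh-ed25519", public, private_blob, comment))
    return ssh_string(body)

def check_add_identity(message: bytes) -> list:
    """Return the problems found in an ssh-ed25519 add-identity message."""
    if len(message) < 5 or struct.unpack_from(">I", message)[0] != len(message) - 4:
        return ["outer length field does not match the message size"]
    if message[4] != SSH_AGENTC_ADD_IDENTITY:
        return ["not an add-identity message (type %d)" % message[4]]
    fields, offset = [], 5
    while offset < len(message):
        if offset + 4 > len(message):
            return ["truncated length prefix at offset %d" % offset]
        (size,) = struct.unpack_from(">I", message, offset)
        offset += 4
        if offset + size > len(message):
            return ["field at offset %d overruns the message" % offset]
        fields.append(message[offset:offset + size])
        offset += size
    if len(fields) != 4 or fields[0] != b"ssh-ed25519":
        return ["expected key type, public key, private key and comment"]
    public, private_blob = fields[1], fields[2]
    problems = []
    if len(public) != 32:
        problems.append("public key is %d bytes, expected 32" % len(public))
    if len(private_blob) != 64:
        problems.append("private blob is %d bytes, expected 64" % len(private_blob))
    elif private_blob[32:] != public:
        problems.append("second half of private blob is not the public key")
    return problems

# Constructed placeholder bytes, not a real key pair: the check is structural only.
SEED, PUBLIC = bytes(range(32)), bytes(range(32, 64))
GOOD = build_add_identity(PUBLIC, SEED + PUBLIC, b"eddsa-key-20220930")  # 0.12.1 shape
SHORT = build_add_identity(PUBLIC, SEED, b"")                            # 0.13.2 shape

if __name__ == "__main__":
    for name, msg in (("0.12.1 shape", GOOD), ("0.13.2 shape", SHORT)):
        print(name, "length=0x%x" % (len(msg) - 4), check_add_identity(msg) or "ok")
```

The constructed messages reproduce the outer length fields seen in the dumps (0x8e and 0x5c), which confirms the field layout the parser assumes.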

@topia
Author

topia commented Nov 3, 2022

I tried sending the full private key, and I confirmed I could load my test key to pageant.

                 case PublicKeyAlgorithm.SshEd25519:
                     var ed25519PublicKeyParameters =
                         key.GetPublicKeyParameters() as Ed25519PublicKeyParameters;
                     var ed25519PrivateKeyParameters =
                         key.GetPrivateKeyParameters() as Ed25519PrivateKeyParameters;
                     builder.AddBlob(ed25519PublicKeyParameters.GetEncoded());
-                    builder.AddBlob(ed25519PrivateKeyParameters.GetEncoded());
+                    var b = new byte[0x40];
+                    Array.Copy(ed25519PrivateKeyParameters.GetEncoded(), b, 0x20);
+                    Array.Copy(ed25519PublicKeyParameters.GetEncoded(), 0, b, 0x20, 0x20);
+                    builder.AddBlob(b);
                     break;
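
Review bot: the added lines use the bare literals 0x40 and 0x20 and a buffer named `b`, so nothing in the code says that the blob is the 0x20-byte private part followed by the 0x20-byte public part. Name the buffer for what it holds, take the lengths from the two GetEncoded() results, and fail if either is not 0x20, since Array.Copy with a fixed count would quietly drop extra bytes from a longer source. `b` and the array returned by ed25519PrivateKeyParameters.GetEncoded() both hold private key bytes after builder.AddBlob(b); consider clearing them with Array.Clear once the blob has been added, assuming AddBlob copies its argument. A one-line comment stating that the agent expects the concatenated form would also explain why the 0.13.x call to GetEncoded() alone was rejected.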

@dlech
Owner

dlech commented Nov 6, 2022

You did not mention that you are running in Client Mode and I forgot to ask and assumed Agent Mode, so that is probably the difference. Nice work on finding the problem.

@topia
Author

topia commented Nov 7, 2022

@dlech Thank you for fixing it!
I'm sorry, I assumed that I mentioned that with the "to pageant" part of this subject because I was sure it's the PuTTY agent - an external program. Thank you for the clarification!
