Ed25519 keys generated with 1Password cannot be loaded in macOS OpenSSH
When I generate a Ed25519 key in 1Password and try to copy out the private key manually for use there is an error. Adding the key to the keychain complains with:
❯ ssh-add ~/.ssh/looker_govqa Error loading key "/Users/ashinn/.ssh/looker_govqa": invalid format
It would be nice if there was a way to export this in a format that works natively with ssh-add
.
1Password Version: 8.8.0
Extension Version: 80800011
OS Version: macOS 12.3.1
Comments
-
The format you get when copying the key is indeed not the right format that
ssd-add
accepts for Ed25519 keys. This is something we're looking to improve, but what should already work in the mean time is if you use theDownload
option instead.Out of curiosity, what makes you want to export the private key? Is there a place where the 1Password agent doesn't work for you?
0 -
I am not using the agent. These keys are used in a CI/CD process.
0 -
Seconding this, I generated an ED25519 key pair in 1Password for use with SSH at a client's request and provided them the public key to allow SSH logins for us to one of their servers. It was only after they implemented the public key on their side that I found I was completely unable to figure out how to use the private key stored in 1P with SSH. Seemingly no set of conversions was possible to utilize this key for this purpose, and I wound up having to generate a new key pair and have the client replace the public key I'd given them from the 1Password 8-generated key pair, which was annoying. More detail on what format 1Password is using for Ed25519 keys and how they can be used with SSH on macOS would be nice.
0 -
Apologies for the double-post; my browser extensions were making me think my first post never went through!
0 -
There is no download option in the desktop app or browser plugin for Mac. To my surprise, I was able to download and use it on Windows though via the desktop app.
I'm using MacOS Monterey 12.4
0 -
This issue also exists on the IOS client with the same solution however it's a much bigger pain to do on IOS for obvious reasons. Please fix this, especially on IOS so copy actually copies the whole key correctly so import into prompt or termius or any other ssh app actually functions.
0 -
Making the
Copy
button copy the key in OpenSSH format for better compatibility is something we're actively working on. Stay tuned!0 -
Chiming in to say that I’m running into this, as well. On iOS, I’m trying to import a 1P-generated private key into Working Copy and am getting an invalid format error.
0 -
Hey @bachya1208, thanks for letting us know you’re running into this too, and for outlining your use-case!
This is indeed a known issue, and something we’re working on improving. Keep an eye out for updates!
0