op-ssh-sign fails when passed non-UTF-8 payloads
Hi 1Password team,
I’ve run into an issue when using op-ssh-sign as a signing backend for tools other than Git, specifically patatt, which signs patch emails using GPG/SSH keys.
patatt looks up gpg.ssh.program in the Git config to determine what binary to invoke when performing OpenSSH signing (it uses ssh-keygen -Y sign under the hood). If you’ve followed the 1Password docs for Git signing and added this config:
[gpg "ssh"]
program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign…then any tool that reads gpg.ssh.program—like patatt—will end up calling op-ssh-sign, even if it’s not signing Git commits.
Unfortunately, op-ssh-sign seems to require that its input be valid UTF-8. This is fine for Git commit signing (since commit headers are UTF-8), but it breaks when tools like patatt try to sign arbitrary binary data (e.g. hashed headers).
Reproducible test case:
# Export the 1Password agent socket
export SSH_AUTH_SOCK="$HOME/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
# Export your public key from the agent to ~/.ssh/id_ed25519.pub
# (Replace this with your actual public key string if needed)
ssh-add -L | grep ed25519 > ~/.ssh/id_ed25519.pub
# This works
head -c 32 /dev/urandom | ssh-keygen -Y sign -n patatt -f ~/.ssh/id_ed25519.pub
# This doesnt'
head -c 32 /dev/urandom | /Applications/1Password.app/Contents/MacOS/op-ssh-sign -Y sign -n patatt -f ~/.ssh/id_ed25519.pubop-ssh-sign appears to require the payload being signed to be valid UTF-8. This breaks legitimate OpenSSH workflows where the input is an arbitrary byte stream (like a SHA256 hash), which ssh-keygen -Y sign supports just fine.
- Clarification: Is the UTF-8 requirement in op-ssh-sign intentional or a limitation?
- If it is intentional, could the documentation note that this is not a drop-in replacement for ssh-keygen?
- Ideally, op-ssh-sign would support arbitrary input, which would make it more broadly compatible with tools that build on OpenSSH signing primitives (like patatt and git-sign).
- Alternatively, can we sidestep this so tools like patatt can work properly? I could override the SSH program for patatt specifically, but that seems like playing whack-a-mole.
Thanks for the otherwise excellent SSH key integration!
