How does one use this app with a private github.com repo?

[themightyoarfish]

I used this app on an older android and did not have this problem there, though I may have set it up before github changed its stance on RSA keys. Now I'm trying to restore my setup with a new phone on lineageos 20 and app version 1.3.3

The wiki says, one should generate an rsa key

ssh-keygen -t rsa -b 3072 -C "Android Password Store" -f /tmp/id_rsa_droid

however, this results in an error when cloning. The message is something like

ERROR: You're using an RSA key with SHA-1, which is no longer allowed.

It's not quite clear to me if this is a message from the server, but I suspect so. The github doc itself says one should generate an ed25519 key.
Now when I do this and import the generated private key file, the app says "Imported" in the toast, but when cloning comes up with

Unable to open the ssh-key, please check that it was imported"

Same after applying this workaround, which did work for an rsa key.

So

• RSA -> converts and can be imported but won't work with github
• curve-> converts, but cannot be imported and maybe works with github

Has anyone had any success with having a private repo on github.com?

[msfjarvis]

The wiki contains outdated user-contributed content that is no longer maintained.

Regarding what key to use, my suggested method is to generate an ED25519 key from within the app and add the public key as a Deploy Key to your pass repository which ensures that the secret key is not lying around in a potentially compromisable location as well as limits its access to the single repository it is meant to be used for.

[themightyoarfish]

How can I generate such a key within the app? The only setting exposed here is the number of bits.

[themightyoarfish]

I can make it work with a personal access token, which might be preferred anyway, but it would be nice if the app had better errors if key import did not actually succeed (the toast doesn't seem to mean anything currently?).

[msfjarvis]

The app does not try to process the key in any way upon import other than doing a basic sanity check to ensure it looks like a SSH key. If there are errors when using the key during connection, they're exposed properly to the user. I don't know what version of the app you've installed and from where because both the current stable release as well as the latest development build expose key types in the SSH key generation option, not bits.

[holderl5]

I am using Android Password Store version 1.3.3 and I can't see the new version, says it is incompatible with my device.

I just updated my private VPS server and ran into this issue. In one of the issues reported, I saw a comment that using -m PEM would make ssh keys work. I saw somewhere else (maybe superuser) to try ecdsa. That combo seemed to work, no idea if it works on github.com, but I did the following:
ssh-keygen -t ecdsa -m PEM

I set a passphrase when creating the key.
I copied the private key via SSH to my android device, and imported using the import key
Copied the public part to my server and now my new server accepts synchronize repository