18

Package resolution is suddenly failing in Xcode. I tried the following options:

  1. Reset cache under File/Packages/Reset Package Caches
  2. Delete shared SPM cache using rm -Rf ~/Library/Caches/org.swift.swiftpm/

I can see the following error for different packages.

You're using an RSA key with SHA-1, which is no longer allowed. Please use newer client or a different key type.

TylerH
  • 20,799
  • 66
  • 75
  • 101
Haseeb Iqbal
  • 1,455
  • 13
  • 20

1 Answers1

37

After looking around, I found a GitHub security blog post that mentions that from 15th March 2022 onward, RSA keys with SHA-1 are no longer accepted. See the blog post here.

I tried creating an SSH key with the command provided in GitHub's documentation but Xcode does not accept the ED25519 encryption method, and commands provided by GitHub docs do not work.

Eventually I found this nice post that explains the issue and offers an alternative encryption method, ECDSA, that is accepted by Xcode.

Use the following command to create new SSH key and add it to GitHub.

ssh-keygen -t ecdsa -b 521 -C "your_email@example.com"

TylerH
  • 20,799
  • 66
  • 75
  • 101
Haseeb Iqbal
  • 1,455
  • 13
  • 20
  • 1
    I've t tried every ssh-keygen command I've found and I still have this issue. I'm pretty sure there's another problem unrelated to the keys. – Pacu Mar 28 '22 at 21:30
  • @Pacu You cannot create the key or the key does not work with Github? – Haseeb Iqbal Mar 29 '22 at 08:45
  • I created the keys perfectly. But the problem does not go away. I downgraded Xcode and I was able to work with the same keys that were not working on 13.3 – Pacu Mar 30 '22 at 19:02
  • @Pacu I downloaded Xcode 13.3 and had no issues. Did you set the right key under "Xcode/Preferences/Accounts/Github/SSH Key:" ? – Haseeb Iqbal Mar 31 '22 at 13:55
  • Xcode 14 and later supports ED25519 keys. https://developer.apple.com/documentation/xcode-release-notes/xcode-14-release-notes *Xcode now supports generating and using externally-generated ED25519 and ECDSA keys to perform git SSH operations. (85009643)* – guru_meditator Dec 23 '22 at 02:43
  • I prefer to rely on `ssh-keygen` to choose the bits. Other than that, this (`ssh-keygen -t ecdsa`) solved it for me. – x-yuri Jan 17 '23 at 15:13