=== modified file 'debian/mandos-client.postinst' --- debian/mandos-client.postinst 2019-02-10 03:50:20 +0000 +++ debian/mandos-client.postinst 2019-02-10 08:41:14 +0000 
@@ -63,57 +63,67 @@ return 0 fi + # Remove any bad TLS keys by 1.8.0-1 + if dpkg --compare-versions "$2" eq "1.8.0-1" \ + || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then + # Is the key bad? + if ! certtool --password='' \ + --load-privkey=/etc/keys/mandos/tls-privkey.pem \ + --outfile=/dev/null --pubkey-info --no-text \ + 2>/dev/null; then + shred --remove -- /etc/keys/mandos/tls-privkey.pem + rm -- /etc/keys/mandos/tls-pubkey.pem + fi + fi + # If the TLS keys already exists, do nothing if [ -r /etc/keys/mandos/tls-privkey.pem \ -a -r /etc/keys/mandos/tls-pubkey.pem ]; then return 0 fi - # If this is an upgrade from an old installation, the TLS keys - # will not exist; create them. - - # First try certtool from GnuTLS - if ! certtool --generate-privkey --password='' \ - --outfile /etc/keys/mandos/tls-privkey.pem \ - --sec-param ultra --key-type=ed25519 --pkcs8 --no-text \ - 2>/dev/null; then - # Otherwise try OpenSSL - if ! openssl genpkey -algorithm X25519 \ - -out /etc/keys/mandos/tls-privkey.pem; then - rm --force /etc/keys/mandos/tls-privkey.pem - # None of the commands succeded; give up - return 1 - fi - fi - - local umask=$(umask) - umask 077 - # First try certtool from GnuTLS - if ! certtool --password='' \ - --load-privkey=/etc/keys/mandos/tls-privkey.pem \ - --outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \ - --no-text 2>/dev/null; then - # Otherwise try OpenSSL - if ! 
openssl pkey -in /etc/keys/mandos/tls-privkey.pem \ - -out /etc/keys/mandos/tls-pubkey.pem -pubout; then - rm --force /etc/keys/mandos/tls-pubkey.pem - # None of the commands succeded; give up - umask $umask - return 1 - fi - fi - umask $umask - - key_id=$(mandos-keygen --passfile=/dev/null \ - | grep --regexp="^key_id[ =]") - - db_version 2.0 - db_fset mandos-client/key_id seen false - db_reset mandos-client/key_id - db_subst mandos-client/key_id key_id $key_id - db_input critical mandos-client/key_id || true - db_go - db_stop + # Try to create the TLS keys + + TLS_PRIVKEYTMP="`mktemp -t mandos-client-privkey.XXXXXXXXXX`" + + if certtool --generate-privkey --password='' \ + --outfile "$TLS_PRIVKEYTMP" --sec-param ultra \ + --key-type=ed25519 --pkcs8 --no-text 2>/dev/null; then + + local umask=$(umask) + umask 077 + cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem + shred --remove -- "$TLS_PRIVKEYTMP" + + # First try certtool from GnuTLS + if ! certtool --password='' \ + --load-privkey=/etc/keys/mandos/tls-privkey.pem \ + --outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \ + --no-text 2>/dev/null; then + # Otherwise try OpenSSL + if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \ + -out /etc/keys/mandos/tls-pubkey.pem -pubout; then + rm --force /etc/keys/mandos/tls-pubkey.pem + # None of the commands succeded; give up + umask $umask + return 1 + fi + fi + umask $umask + + key_id=$(mandos-keygen --passfile=/dev/null \ + | grep --regexp="^key_id[ =]") + + db_version 2.0 + db_fset mandos-client/key_id seen false + db_reset mandos-client/key_id + db_subst mandos-client/key_id key_id $key_id + db_input critical mandos-client/key_id || true + db_go + db_stop + else + shred --remove -- "$TLS_PRIVKEYTMP" + fi } create_dh_params(){ === modified file 'debian/mandos.postinst' --- debian/mandos.postinst 2019-02-10 03:50:20 +0000 +++ debian/mandos.postinst 2019-02-10 08:41:14 +0000 
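Review bot: The bad-key cleanup at the top of this hunk runs `shred --remove` and `rm --` as soon as `certtool` fails, and `certtool` also fails when `/etc/keys/mandos/tls-privkey.pem` is simply absent, so an upgrade from 1.8.0-1 with no key on disk would run `shred` on a missing file; if the script runs under `set -e` (not visible in this hunk), that aborts configuration. I would guard the test with `if [ -e /etc/keys/mandos/tls-privkey.pem ] && ! certtool …` and use `rm --force -- /etc/keys/mandos/tls-pubkey.pem`. Further down, the result of `mktemp` is not checked before the unencrypted private key is written to `"$TLS_PRIVKEYTMP"`, and nothing shreds that file if the script is interrupted between `certtool` and `cp`; a `|| return 1` on the `mktemp` line and a `trap` that shreds the temporary file would cover both. The enclosing function begins above the hunk.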
@@ -56,6 +56,22 @@ chmod u=rwx,go= /var/lib/mandos fi + if dpkg --compare-versions "$2" eq "1.8.0-1" \ + || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then + if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then + sed --in-place \ + --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \ + /etc/mandos/clients.conf + invoke-rc.d mandos restart + db_version 2.0 + db_fset mandos/removed_bad_key_ids seen false + db_reset mandos/removed_bad_key_ids + db_input critical mandos/removed_bad_key_ids || true + db_go + db_stop + fi + fi + gnutls_version=$(dpkg-query --showformat='${Version}' \ --show libgnutls30 \ 2>/dev/null || :) === modified file 'debian/mandos.templates' --- debian/mandos.templates 2019-02-10 03:50:20 +0000 +++ debian/mandos.templates 2019-02-10 08:41:14 +0000 @@ -12,3 +12,8 @@ Note: the client must all also be using GnuTLS 3.6.6 or later; the server cannot serve passwords for both old and new clients! . Rationale: With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP keys as TLS session keys. A new TLS key pair will be generated on each client and will be used as identification, but the key ID of the public key needs to be added to this server, since this will now be used to identify the client to the server. + +Template: mandos/removed_bad_key_ids +Type: note +Description: Bad key IDs have been removed from clients.conf + Bad key IDs, which were reported by a bug in Mandos client 1.8.0, have been removed from /etc/mandos/clients.conf === modified file 'mandos' --- mandos 2019-02-10 04:59:28 +0000 +++ mandos 2019-02-10 08:41:14 +0000 
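Review bot: The long `key_id` pattern is written out twice, once for `grep` and once for `sed`, with no comment saying what the value is, so a later edit can change one copy and not the other. I would hold the pattern in one variable used by both commands and add a comment such as `# Key ID equal to the SHA-256 of empty input, which a bug in Mandos client 1.8.0 could report; it is the same on every affected client`. The pattern also accepts only `=` as the delimiter; if the parser for clients.conf also accepts `key_id: …` (not visible here), such lines would survive the cleanup, which is worth confirming.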
@@ -2700,6 +2700,8 @@ address = request[3] for c in self.clients.values(): + if key_id == "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855": + continue if key_id and c.key_id == key_id: client = c break === modified file 'mandos-keygen' --- mandos-keygen 2019-02-10 04:59:28 +0000 +++ mandos-keygen 2019-02-10 08:41:14 +0000 @@ -187,6 +187,7 @@ # Create temporary gpg batch file BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`" + TLS_PRIVKEYTMP="`mktemp -t mandos-keygen-privkey.XXXXXXXXXX`" fi if [ "$mode" = password ]; then @@ -201,6 +202,7 @@ trap " set +e; \ test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \ +test -n \"$TLS_PRIVKEYTMP\" && shred --remove \"$TLS_PRIVKEYTMP\"; \ shred --remove \"$RINGDIR\"/sec* 2>/dev/null; test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \ rm --recursive --force \"$RINGDIR\"; 
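Review bot: The added comparison against the bad key ID is an exact, upper-case string match, while the cleanup in debian/mandos.postinst accepts either case for every hex letter, so a `key_id` that reaches this loop in lower case would not be skipped and could still match a client configured with the same value. That ID is the SHA-256 of empty input and therefore identical on every affected client, so it should never identify one. I would compare case-insensitively against a named, commented constant, e.g. `if key_id and key_id.upper() == BAD_KEY_ID:`; the test does not depend on `c`, so it need only be evaluated once per request. How `key_id` is normalised before this point, and the rest of the loop body, are outside the hunk.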
@@ -241,44 +243,37 @@ echo -n "Started: " date fi - - # Backup any old key files - if cp --backup=numbered --force "$TLS_PRIVKEYFILE" "$TLS_PRIVKEYFILE" \ - 2>/dev/null; then - shred --remove "$TLS_PRIVKEYFILE" - fi - if cp --backup=numbered --force "$TLS_PUBKEYFILE" "$TLS_PUBKEYFILE" \ - 2>/dev/null; then - rm --force "$TLS_PUBKEYFILE" - fi - - ## Generate TLS private key - - # First try certtool from GnuTLS - if ! certtool --generate-privkey --password='' \ - --outfile "$TLS_PRIVKEYFILE" --sec-param ultra \ - --key-type="$TLS_KEYTYPE" --pkcs8 --no-text 2>/dev/null; then - # Otherwise try OpenSSL - if ! openssl genpkey -algorithm X25519 -out \ - /etc/keys/mandos/tls-privkey.pem; then - rm --force /etc/keys/mandos/tls-privkey.pem - # None of the commands succeded; give up - return 1 + + # Generate TLS private key + if certtool --generate-privkey --password='' \ + --outfile "$TLS_PRIVKEYTMP" --sec-param ultra \ + --key-type="$TLS_KEYTYPE" --pkcs8 --no-text 2>/dev/null; then + + # Backup any old key files + if cp --backup=numbered --force "$TLS_PRIVKEYFILE" "$TLS_PRIVKEYFILE" \ + 2>/dev/null; then + shred --remove "$TLS_PRIVKEYFILE" fi - fi - - ## TLS public key - - # First try certtool from GnuTLS - if ! certtool --password='' --load-privkey="$TLS_PRIVKEYFILE" \ - --outfile="$TLS_PUBKEYFILE" --pubkey-info --no-text \ - 2>/dev/null; then - # Otherwise try OpenSSL - if ! openssl pkey -in "$TLS_PRIVKEYFILE" \ - -out "$TLS_PUBKEYFILE" -pubout; then + if cp --backup=numbered --force "$TLS_PUBKEYFILE" "$TLS_PUBKEYFILE" \ + 2>/dev/null; then rm --force "$TLS_PUBKEYFILE" - # None of the commands succeded; give up - return 1 + fi + cp --archive "$TLS_PRIVKEYTMP" "$TLS_PRIVKEYFILE" + shred --remove "$TLS_PRIVKEYTMP" + + ## TLS public key + + # First try certtool from GnuTLS + if ! certtool --password='' --load-privkey="$TLS_PRIVKEYFILE" \ + --outfile="$TLS_PUBKEYFILE" --pubkey-info --no-text \ + 2>/dev/null; then + # Otherwise try OpenSSL + if ! 
openssl pkey -in "$TLS_PRIVKEYFILE" \ + -out "$TLS_PUBKEYFILE" -pubout; then + rm --force "$TLS_PUBKEYFILE" + # None of the commands succeded; give up + return 1 + fi fi fi @@ -369,16 +364,18 @@ test -n "$FINGERPRINT" - KEY_ID="$(certtool --key-id --hash=sha256 \ + if [ -r "$TLS_PUBKEYFILE" ]; then + KEY_ID="$(certtool --key-id --hash=sha256 \ --infile="$TLS_PUBKEYFILE" 2>/dev/null || :)" - if [ -z "$KEY_ID" ]; then - KEY_ID=$(openssl pkey -pubin -in /tmp/tls-pubkey.pem \ - -outform der \ - | openssl sha256 \ - | sed --expression='s/^.*[^[:xdigit:]]//') + if [ -z "$KEY_ID" ]; then + KEY_ID=$(openssl pkey -pubin -in "$TLS_PUBKEYFILE" \ + -outform der \ + | openssl sha256 \ + | sed --expression='s/^.*[^[:xdigit:]]//') + fi + test -n "$KEY_ID" fi - test -n "$KEY_ID" FILECOMMENT="Encrypted password for a Mandos client" @@ -419,7 +416,11 @@ cat <<-EOF [$KEYNAME] host = $KEYNAME - key_id = $KEY_ID + EOF + if [ -n "$KEY_ID" ]; then + echo "key_id = $KEY_ID" + fi + cat <<-EOF fingerprint = $FINGERPRINT secret = EOF
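Review bot: When `certtool --generate-privkey` fails in the `@@ -241,44 +243,37 @@` hunk, the new code prints nothing and carries on without TLS keys, because stderr goes to `/dev/null` and the outer `if` has no `else`; the operator then gets client configuration with no `key_id` and no hint why. I would add an `else` branch with a line such as `echo "Could not generate TLS key; key_id will be omitted" >&2`. The inner OpenSSL fallback still ends in `return 1`; whether this code sits inside a function is not visible in the hunk, and outside one `return` is an error rather than a clean exit.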
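Review bot: The OpenSSL fallback for `KEY_ID` in the `@@ -369,16 +364,18 @@` hunk can still produce the SHA-256 of empty input: in `openssl pkey … | openssl sha256 | sed …` the pipeline's status is that of `sed`, so if `openssl pkey` cannot parse `"$TLS_PUBKEYFILE"` it writes nothing, `openssl sha256` hashes nothing, and `test -n "$KEY_ID"` passes. That is the same key ID this commit makes the server reject. I would validate the key before hashing, e.g. wrap the assignment in `if openssl pkey -pubin -in "$TLS_PUBKEYFILE" -noout 2>/dev/null; then`, or refuse the known empty-input digest before accepting `KEY_ID`.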