Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Both correct and surprising non-interactive gen-key (was: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled")
peter at digitalbrains
Sep 5, 2018, 6:20 AM
Post #1 of 4 (332 views)
Permalink
On 31/08/18 19:11, Fiedler Roman wrote:
> [.'/usr/bin/gpg', '--homedir', '/tmp/tmp-3abk6l8', '--with-colons', '--status-fd', '2', '--pinentry-mode', 'loopback', '--batch', '--gen-key', '--command-fd', '0']

It is unclear where the passphrase is supposed to come from... so I
think it's correct that GnuPG CANcels. Oh, by the way, commands should
come last for robustness.

I discovered something odd though:

--8<---------------cut here---------------start------------->8---
$ cat passphrase
my_passphrase
$ cat template
%echo Generating key
Key-Type: RSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: AutomationKey
Expire-Date: 0
%commit
$ exec 3<&- 3<passphrase
$ cat template|gpg --with-colons --status-fd 2 --pinentry-mode loopback --batch --command-fd 0 --passphrase-fd 3 --gen-key
gpg: Generating key
gpg: key EC343B15345F4B66 marked as ultimately trusted
[GNUPG:] KEY_CONSIDERED 4B3A993572D5ED206D240D91EC343B15345F4B66 0
gpg: revocation certificate stored as '/home/peter/.gnupg/openpgp-revocs.d/4B3A993572D5ED206D240D91EC343B15345F4B66.rev'
[GNUPG:] KEY_CREATED B 4B3A993572D5ED206D240D91EC343B15345F4B66
--8<---------------cut here---------------end--------------->8---

That works, with passphrase on fd 3 and command on fd 0. I should delete
it though, "ultimately trusted" no thanks. But:

--8<---------------cut here---------------start------------->8---
$ exec 3<&- 3<template
$ cat passphrase|gpg --with-colons --status-fd 2 --pinentry-mode loopback --batch --command-fd 3 --passphrase-fd 0 --gen-key
$
--8<---------------cut here---------------end--------------->8---

Doesn't do anything.

--8<---------------cut here---------------start------------->8---
$ exec 3<&- 3<template
$ cat passphrase|gpg --with-colons --status-fd 2 --pinentry-mode loopback --batch --command-fd 3 --gen-key
gpg: -:1: missing colon
$
--8<---------------cut here---------------end--------------->8---

g10/keygen.c appears to be trying to read commands from fd 0 even though
I said fd 3. There's no colon in the "command" my_passphrase, so it
errors.

For now, I'd say go with the one that works. But I don't understand why
the others behave as they do.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Attached Files:

AW: Both correct and surprising non-interactive gen-key (was: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled") [ In reply to ]
Roman.Fiedler at ait
Sep 5, 2018, 6:50 AM
Post #2 of 4 (332 views)
Permalink
> Von: Peter Lebbing [mailto:peter@digitalbrains.com]
> Gesendet: Mittwoch, 5. September 2018 15:21
> An: Fiedler Roman <Roman.Fiedler@ait.ac.at>; gnupg-users@gnupg.org
> Betreff: Both correct and surprising non-interactive gen-key (was: How to fix
> "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been
> cancelled")
>
> On 31/08/18 19:11, Fiedler Roman wrote:
> > ['/usr/bin/gpg', '--homedir', '/tmp/tmp-3abk6l8', '--with-colons', '--status-fd',
> '2', '--pinentry-mode', 'loopback', '--batch', '--gen-key', '--command-fd', '0']
>
> It is unclear where the passphrase is supposed to come from... so I
> think it's correct that GnuPG CANcels. Oh, by the way, commands should
> come last for robustness.

Just for clarification:

The "--pinentry-mode" is here only to make gpg-agent/gpg2 happy to get rid
of tty-related errors. The batch commands do not request any passphrase
to be set, so it should never be read - but maybe I do understand "batch-mode"
the same way (consequence: never ask anything) compared to the gpg-meaning
of batch.

@Peter: thanks for looking at it more closely. There might be quite some sleeping
dogs in semi/fully-automated gpg2 operation.

> ...

Regards,
Roman
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: AW: Both correct and surprising non-interactive gen-key [ In reply to ]
peter at digitalbrains
Sep 5, 2018, 7:05 AM
Post #3 of 4 (332 views)
Permalink
On 05/09/18 15:50, Fiedler Roman wrote:
> The "--pinentry-mode" is here only to make gpg-agent/gpg2 happy to get rid
> of tty-related errors. The batch commands do not request any passphrase
> to be set, so it should never be read

Can you point to the documentation where it says so? Because the
passphrase is correctly set to "my_passphrase", pinentry-mode should
only ever become relevant when a pinentry is about to invoked, and in
general I just don't see why this should be the case. Additionally, it
makes no sense that there is a "%no-protection" option if this is always
the case anyway. I think that GnuPG 1.4 defaulted to no passphrase if
not supplied with a "Passphrase" option, but this is not GnuPG 1.4; the
"Passphrase" option is a no-op, included only for backwards compatibility.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Attached Files:

Re: AW: Both correct and surprising non-interactive gen-key [ In reply to ]
peter at digitalbrains
Sep 5, 2018, 7:10 AM
Post #4 of 4 (332 views)
Permalink
On 05/09/18 15:50, Fiedler Roman wrote:
> @Peter: thanks for looking at it more closely. There might be quite some sleeping
> dogs in semi/fully-automated gpg2 operation.

It's just one bug, if even, depending on my understanding of the
mechanism. One swallow does not a summer make; such negativity.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal