could not create a keypair / sign a single file

Vasiliy testtest_2005 at ukr.net
Mon Jul 1 12:08:14 CEST 2013


Thank you for your reply, your first suggestion was helpful. Although
all the lines in ~/.gnupg/trustlist.txt were no longer than 61
characters each (plus I added the last line manually), I've just
re-created trustlist.txt as described at:
http://www.claws-mail.org/faq/index.php/S/MIME_howto , and gpgsm was
able to produce a signature.

I've re-checked my libraries again (take a look at my previous post
also), and all the libraries are the latest ones:

...
configure: checking for libraries
checking for gpg-error-config... /usr/bin/gpg-error-config
checking for GPG Error - version >= 1.11... yes (1.13-beta1)
checking for libgcrypt-config... /usr/bin/libgcrypt-config
checking for LIBGCRYPT - version >= 1.5.0... yes (1.6.0-beta154)
checking LIBGCRYPT API version... okay
checking for libassuan-config... /usr/bin/libassuan-config
checking for LIBASSUAN - version >= 2.1.0... yes (2.1.2-beta1)
checking LIBASSUAN API version... okay
checking for ksba-config... /usr/bin/ksba-config
checking for KSBA - version >= 1.2.0... yes (1.3.1-beta3)
checking KSBA API version... okay
checking for usb_bulk_write in -lusb... no
checking for usb_create_match... no
checking for library containing dlopen... none required
checking for encfs... /usr/bin/encfs
checking for fusermount... /usr/bin/fusermount
checking for openpty in -lutil... yes
checking for shred... /usr/bin/shred
checking for npth-config... /usr/bin/npth-config
checking for NPTH - version >= 0.91... yes (0.91)
checking NPTH API version... okay
...

...however, I still could not create a keypair with gpgsm, though
doing so with gpg/gpg2 works just fine (also, why do we have to add
quotes around Name-DN?). In addition, I have to kill the gpg-agent.exe
process every time I need it to start responding to follow-up queries.
For some obstructive reason, it does not respond after its successful
first reply.

$ gpgsm --gen-key
gpgsm (GnuPG) 2.1.0-beta220; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: enabled debug flags: assuan
Please select what kind of key you want:
   (1) RSA
   (2) Existing key
   (3) Existing key from card
Your selection? 1
What keysize do you want? (2048) 16834
RSA keysizes must be in the range 1024-4096
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Possible actions for a RSA key:
   (1) sign, encrypt
   (2) sign
   (3) encrypt
Your selection? 1
Enter the X.509 subject name: NAME
Invalid subject name 'NAME'
                      ^
Enter the X.509 subject name: 'NAME'
Enter email addresses (end with an empty line):
>
Enter DNS names (optional; end with an empty line):
>
Enter URIs (optional; end with an empty line):
>
Create self-signed certificate? (y/N) Y
These parameters are used:
    Key-Type: RSA
    Key-Length: 4096
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: 'NAME'

Proceed with creation? (y/N) Y
Now creating self-signed certificate.  This may take a while ...
gpgsm: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpgsm: waiting for the agent to come up ... (5s)
gpgsm: waiting for the agent to come up ... (4s)
gpgsm: DBG: chan_4 <- OK Pleased to meet you, process 6944
gpgsm: connection to agent established
gpgsm: DBG: chan_4 -> RESET
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION ttyname=/dev/pty0
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION ttytype=xterm
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION display=:0.0
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION xauthority=~/.Xauthority
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION lc-ctype=en_US.UTF-8
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION lc-messages=en_US.UTF-8
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> RESET
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> GENKEY
gpgsm: DBG: chan_4 <- S INQUIRE_MAXLEN 1024
gpgsm: DBG: chan_4 <- INQUIRE KEYPARAM
gpgsm: DBG: chan_4 -> D (6:genkey(3:rsa(5:nbits4:4096)))
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 27592
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 31548
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 27460
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 26340
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- S CACHE_NONCE F8536E97B6E8BEC79E037C13
gpgsm: DBG: chan_4 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65
79 ...(556 byte(s) skipped) ]
gpgsm: DBG: chan_4 <- OK
gpgsm: error setting the subject's name: Not implemented
gpgsm: error creating certificate request: Not implemented <KSBA>
secmem usage: 0/65536 bytes in 0 blocks

On Sun, Jun 30, 2013 at 11:46 PM, Werner Koch wrote:
> On Sat, 29 Jun 2013 09:37, Vasiliy said:
>
>> gpgsm: DBG: chan_4 -> ISTRUSTED FB7EAD4851BE76AF04486BA4738A744BFB50DE86
>> gpgsm: DBG: chan_4 <- ERR 67108961 Line too long <GPG Agent>
>> gpgsm: checking the trust list failed: Line too long
>
> Please check ~/.gnupg.trustlist.txt.  A line is longer than 255 bytes.
> You will find the above fingerprint there - what is special with that
> line?  Did you edit it manually, has it been added by GnuPG, or was it
> created by Kleopatra or another tool?
>
>> gpgsm: error setting the subject's name: Not implemented
>> gpgsm: error creating certificate request: Not implemented <KSBA>
>
> Your libksba is too old.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
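
As an added example (not part of the original messages and not GnuPG code), a Python check over the raw bytes of a trustlist.txt for the 255-byte line limit mentioned in the quoted reply; it counts bytes rather than characters. The entry layout in the regex, the `include-default` line, and the CRLF and missing-final-newline checks are assumptions of this example, and the sample data is constructed, with only the fingerprint taken from the thread.

```python
import re

MAX_LINE_BYTES = 255  # limit quoted in the reply in this thread

# Assumed entry layout: optional "!", a 40-hex-digit SHA-1 fingerprint
# (colons between bytes allowed), then whitespace and flags such as "S".
ENTRY_RE = re.compile(rb"^!?(?:[0-9A-Fa-f]{2}:?){20}(?:\s+\S.*)?$")


def check_trustlist(data: bytes):
    """Return (line_number, problem) pairs for the raw bytes of a trustlist."""
    if not data:
        return []
    problems = []
    lines = data.split(b"\n")
    has_final_newline = data.endswith(b"\n")
    if has_final_newline:
        lines.pop()  # drop the empty piece after the last newline
    for no, raw in enumerate(lines, 1):
        if len(raw) > MAX_LINE_BYTES:
            problems.append((no, f"{len(raw)} bytes, over {MAX_LINE_BYTES}"))
        if raw.endswith(b"\r"):
            problems.append((no, "CRLF line ending"))
        if no == len(lines) and not has_final_newline:
            problems.append((no, "last line has no newline"))
        text = raw.strip()
        if not text or text.startswith(b"#") or text == b"include-default":
            continue  # blank line, comment, or assumed include directive
        if not ENTRY_RE.match(text):
            problems.append((no, "not a fingerprint entry"))
    return problems


# Constructed sample; only the fingerprint is taken from the thread.
FPR = b"FB7EAD4851BE76AF04486BA4738A744BFB50DE86"
SAMPLE = (
    b"# constructed trustlist for the check\n"
    + FPR + b" S\n"
    + ("# " + "я" * 130).encode("utf-8") + b"\n"  # 132 characters, 262 bytes
    + FPR + b" S\r\n"                             # saved with CRLF endings
    + b"not-a-fingerprint S\n"
    + FPR + b" S"                                 # appended by hand, no newline
)

if __name__ == "__main__":
    for no, problem in check_trustlist(SAMPLE):
        print(f"line {no}: {problem}")
```

To check a real file, pass its bytes read in binary mode, so that multi-byte characters and line endings are counted as stored on disk.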
