2.1.10 with libgcrypt 1.7.0-beta300
Fulano Diego Perez
fulanoperez at cryptolab.net
Tue Jan 26 12:27:36 CET 2016
NIIBE Yutaka:
> On 01/23/2016 10:11 PM, Fulano Diego Perez wrote:
>> NIIBE Yutaka:
>>> Please note that you need to invoke gpg-agent with LD_LIBRARY_PATH, too.
>>
>> can explain how you mean to invoke ?
>
> Well, it seems to be a terminology issue. I mean, to start, to kick the service,
> and to run the service.
>
> In general, there are multiple ways. In my case on Debian, I have a
> startup script, /etc/X11/Xsession.d/90gpg-agent, which invokes
> gpg-agent.
>
>> i export library path for gpg2 and shows expected libgcrypt version
>
> Exporting the library path is also needed for gpg-agent.
>
>> i can clearsign with ed25519 EDDSA subkey
>
> This can be done with libgcrypt 1.6.4.
>
>> i have problem testing encryption with cv25519 subkey
>>
>>
>> tried to test with $ fortune | gpg2 --sign --encrypt -u abc --recipient
>> 123 --recipient 456 | gpg2 --decrypt
>>
>> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
>> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
>> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>> "test"
>> gpg: public key decryption failed: Checksum error
>> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>> test2
>> gpg: public key decryption failed: Checksum error
>> gpg: decryption failed: No secret key
>>
>> i have secret key
>
> I know. The problem is the version of libgcrypt of gpg-agent.
>
> Public key handling is the role of gpg frontend, while secret key
> handling is done by gpg-agent. With no newer libgcrypt, gpg-agent
> can't handle CV25519 keys.
>
>> tried list-packets & -vvv - nothing more on errors
>
> Yes.
>
>> maybe this is conflict with persistent gpg-agent and ssh-agent
>> they are listed in htop with PID but no RAM use
>>
>> how can to figure this out ?
>
> If you can check the process's memory maps of gpg-agent, you can see
> the maps to libgcrypt. In my case, I can see the entries in
> /proc/<PID-OF-GPG-AGENT>/maps like:
>
> b7617000-b76d5000 r-xp 00000000 08:01 35743 /usr/local/lib/libgcrypt.so.20.1.0
> b76d5000-b76d9000 rw-p 000bd000 08:01 35743 /usr/local/lib/libgcrypt.so.20.1.0
> b76e7000-b76ef000 rw-p 00000000 00:00 0
>
$ cat /proc/PID-of-local-[gpg-ssh]agent/maps
nada
$ /builds/gpg21x/bin/gpg-agent --daemon
$ cat /proc/PID/maps
55fb967f7000-55fb96849000 r-xp 00000000 fc:02 2098759 /builds/gpg21x/bin/gpg-agent
55fb96a48000-55fb96a4a000 r--p 00051000 fc:02 2098759 /builds/gpg21x/bin/gpg-agent
55fb96a4a000-55fb96a4b000 rw-p 00053000 fc:02 2098759 /builds/gpg21x/bin/gpg-agent
55fb96a4b000-55fb96a4c000 rw-p 00000000 00:00 0
55fb98220000-55fb98241000 rw-p 00000000 00:00 0 [heap]
7f714b7e4000-7f714b97e000 r-xp 00000000 fc:02 2229058 /lib/x86_64-linux-gnu/libc-2.21.so
7f714b97e000-7f714bb7e000 ---p 0019a000 fc:02 2229058 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb7e000-7f714bb82000 r--p 0019a000 fc:02 2229058 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb82000-7f714bb84000 rw-p 0019e000 fc:02 2229058 /lib/x86_64-linux-gnu/libc-2.21.so
7f714bb84000-7f714bb88000 rw-p 00000000 00:00 0
7f714bb88000-7f714bba0000 r-xp 00000000 fc:02 2229034 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bba0000-7f714bd9f000 ---p 00018000 fc:02 2229034 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bd9f000-7f714bda0000 r--p 00017000 fc:02 2229034 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bda0000-7f714bda1000 rw-p 00018000 fc:02 2229034 /lib/x86_64-linux-gnu/libpthread-2.21.so
7f714bda1000-7f714bda5000 rw-p 00000000 00:00 0
7f714bda5000-7f714bda8000 r-xp 00000000 fc:02 271554 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bda8000-7f714bfa8000 ---p 00003000 fc:02 271554 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfa8000-7f714bfa9000 r--p 00003000 fc:02 271554 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfa9000-7f714bfaa000 rw-p 00004000 fc:02 271554 /usr/lib/x86_64-linux-gnu/libnpth.so.0.0.5
7f714bfaa000-7f714bfbc000 r-xp 00000000 fc:02 269865 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714bfbc000-7f714c1bb000 ---p 00012000 fc:02 269865 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bb000-7f714c1bc000 r--p 00011000 fc:02 269865 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bc000-7f714c1bd000 rw-p 00012000 fc:02 269865 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.2
7f714c1bd000-7f714c1cf000 r-xp 00000000 fc:02 2233335 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c1cf000-7f714c3cf000 ---p 00012000 fc:02 2233335 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3cf000-7f714c3d0000 r--p 00012000 fc:02 2233335 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3d0000-7f714c3d1000 rw-p 00013000 fc:02 2233335 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f714c3d1000-7f714c4ce000 r-xp 00000000 fc:02 2098729 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f714c4ce000-7f714c6ce000 ---p 000fd000 fc:02 2098729 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f714c6ce000-7f714c6d0000 r--p 000fd000 fc:02 2098729 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f714c6d0000-7f714c6d6000 rw-p 000ff000 fc:02 2098729 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f714c6d6000-7f714c6f8000 r-xp 00000000 fc:02 2229042 /lib/x86_64-linux-gnu/ld-2.21.so
7f714c741000-7f714c8ca000 r--p 00000000 fc:02 262206 /usr/lib/locale/locale-archive
7f714c8ca000-7f714c8cf000 rw-p 00000000 00:00 0
7f714c8ed000-7f714c8f5000 rw-p 00000000 00:00 0
7f714c8f5000-7f714c8f7000 rw-p 00000000 00:00 0
7f714c8f7000-7f714c8f8000 r--p 00021000 fc:02 2229042 /lib/x86_64-linux-gnu/ld-2.21.so
7f714c8f8000-7f714c8f9000 rw-p 00022000 fc:02 2229042 /lib/x86_64-linux-gnu/ld-2.21.so
7f714c8f9000-7f714c8fa000 rw-p 00000000 00:00 0
7ffe65c44000-7ffe65c65000 rw-p 00000000 00:00 0 [stack]
7ffe65ddb000-7ffe65ddd000 r--p 00000000 00:00 0 [vvar]
7ffe65ddd000-7ffe65ddf000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
above is showing system libraries and not the prefix i used at install time
i compiled gpg2 and libgcrypt with DEB_BUILD_HARDENING=1 from HARDENED-CC(1)
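
The check discussed in this thread, reading /proc/<PID>/maps to see which libgcrypt a running gpg-agent has mapped, as an added example that is not part of the original post. The function names and the sample lines are constructed; only the /builds/libgcrypt prefix is taken from the thread.

```shell
#!/bin/sh
# Added example. Reads a /proc/<PID>/maps-style file and reports which copy
# of a shared library the process has mapped. Pathnames containing spaces
# are not handled (awk splits fields on whitespace).

# mapped_libs MAPS_FILE NAME: print each distinct mapped pathname whose file
# name starts with NAME. A trailing "(deleted)" marker (file replaced on disk
# while the process kept running) is kept, so a stale agent is visible.
mapped_libs() {
    awk -v name="$2" '
        NF >= 6 {
            n = split($6, parts, "/")
            if (index(parts[n], name) != 1) next
            entry = ($7 == "(deleted)") ? ($6 " (deleted)") : $6
            if (!(entry in seen)) { seen[entry] = 1; print entry }
        }' "$1"
}

# lib_under_prefix MAPS_FILE NAME PREFIX
#   0: NAME is mapped and every copy lives under PREFIX
#   1: a copy outside PREFIX, or a deleted copy, is mapped
#   2: NAME is not mapped at all
lib_under_prefix() {
    libs=$(mapped_libs "$1" "$2")
    [ -n "$libs" ] || return 2
    printf '%s\n' "$libs" | while IFS= read -r p; do
        case "$p" in
            *" (deleted)") exit 1 ;;
            "$3"/*) ;;
            *) exit 1 ;;
        esac
    done
}

# Constructed sample: an agent started with the custom library path exported.
sample_maps() {
    cat <<'EOF'
7f00a0000000-7f00a00fd000 r-xp 00000000 fc:02 1001 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f00a00fd000-7f00a0103000 rw-p 000fd000 fc:02 1001 /builds/libgcrypt/lib/libgcrypt.so.20.1.0
7f00a0200000-7f00a0212000 r-xp 00000000 fc:02 1002 /lib/x86_64-linux-gnu/libgpg-error.so.0.17.0
7f00a0300000-7f00a0308000 rw-p 00000000 00:00 0
EOF
}

tmp=$(mktemp)
sample_maps > "$tmp"
mapped_libs "$tmp" libgcrypt.so
lib_under_prefix "$tmp" libgcrypt.so /builds/libgcrypt && echo "agent uses the custom build"
rm -f "$tmp"
```

On a live system, pass /proc/<PID-OF-GPG-AGENT>/maps as the first argument; every gpg-agent process that may serve the request needs the same check.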