Re: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

Fiedler Roman Roman.Fiedler at ait.ac.at
Tue Sep 4 09:52:33 CEST 2018


> From: Peter Lebbing [mailto:peter at digitalbrains.com]
>
> On 03/09/18 18:56, Fiedler Roman wrote:
> > With gpg1 a similar command should have verified that the signature
> > is exactly from the single public key stored in "key.pub".
>
> This has never been a supported use of gpg, it just happened to work
> because GnuPG 1.4 happened to use a bunch of exported OpenPGP
> certificates as the format of its public keyring. This was an
> implementation detail which enabled you to do this. Just because you can
> use the rear side of a screwdriver to hammer in a small nail doesn't
> mean you're meant to do carpentry that way ;-).

Maybe the current hammer documentation should be updated to remove
the "--use-as-hammer" options? Or at least declare that they shall not
be used that way. See:

https://www.gnupg.org/gph/en/manual/r1606.html
https://www.gnupg.org/gph/en/manual/r1574.html

Without that, what should be the purpose of the "--no-default-keyring"
except to flush all default keys and operate only on the ones given
via the "--keyring" option?

> In GnuPG, the homedir is
> pretty much not part of the interface, it is internal with some
> exceptions like .conf-files and being able to retrieve revocation
> certificates from it. The keyring format has changed and GnuPG also
> expects a lot of other different things in its homedir. So it no longer
> works.

Maybe the "--no-default-keyring" should return something like "obsolete
gnupg file API used" instead of "[GNUPG:] UNEXPECTED 0"?

> It could be that recently an option was added to check a signature by a
> certificate in a file, but in general you need to import a certificate
> before you can do verifications. I didn't see the new option in the few
> announcements I read. Either it was discussed and not done or discussed
> and implemented, can't recall.

Werner gave a good solution in another followup message. May I recommend
updating the online documentation/man page for "--verify" with something like this?

"""For automated verification against a single public key, the gpgv tool may
better suit your needs"""

Or could I submit patches to documentation and source code (error handling)
myself? I did not find a "contribute" section on the gnupg website at first glance
(menus/FAQs), but could look into it deeper, if helpful.

Regards, Roman


