Re: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

Fiedler Roman Roman.Fiedler at ait.ac.at
Wed Sep 5 10:45:02 CEST 2018


> From: Peter Lebbing [mailto:peter at digitalbrains.com]
> ...
> $ gpgv --keyring ./key.gpg data.gpg
>
> > Splitting up the message gives me
> >
> > 000001-001.pk_enc
> > 000002-018.encrypted_mdc
>
> This is an encrypted message. gpgv can't do anything with it.

No, this is a signed AND encrypted message. Can gpgv only be
used to verify signatures on signed-only messages, but not on signed
AND encrypted ones, maybe due to the encrypt-AFTER-sign scheme?

If so, an update of the manual pages and a more talkative error message
instead of "gpgv: verify signatures failed: Unexpected error" would
be really nice.


Test trail:

* Prepare:

Remove standard GPG homedir to detect any access to it by error
(should never happen).

rm -rf -- "${HOME}/.gnupg"

testDir="$(mktemp -d)"
cd -- "${testDir}"

* Generate receiver key:

mkdir --mode=0700 -- Receiver
cat <<EOF | /usr/bin/gpg1 --homedir Receiver --batch --gen-key /proc/self/fd/0
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Receiver Key
Expire-Date: 0
%commit
EOF
/usr/bin/gpg1 --homedir Receiver --export "Receiver Key" > Receiver/ReceiverKey.pub

* Generate sender key:

mkdir --mode=0700 -- Sender
/usr/bin/gpg1 --homedir Sender --batch --command-fd 0 --status-fd 1 --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: Sender Key
Expire-Date: 0
%commit
EOF
/usr/bin/gpg1 --homedir Sender --export "Sender Key" > Sender/SenderKey.pub

* Generate message:

/usr/bin/gpg1 --no-options --homedir Sender --keyring Receiver/ReceiverKey.pub --lock-never --trust-model always --sign --local-user "Sender Key" --encrypt --throw-keyids --hidden-recipient "Receiver Key" <<EOF > Sender/OutgoingMessage.gpg
Secret message
EOF

* Decrypt and verify with gpg1 on receiver side:

/usr/bin/gpg1 --no-options --homedir Receiver --no-default-keyring --keyring Sender/SenderKey.pub --lock-never --trust-model always --batch --display-charset utf-8 --status-fd 2 --decrypt --try-all-secrets < Sender/OutgoingMessage.gpg

gpg: Good signature from "Sender Key"
[GNUPG:] VALIDSIG 7C8D39EA43614F2266EBD8F52A1DF9C596868A14 2018-09-05 1536135808 0 4 0 1 8 00 7C8D39EA43614F2266EBD8F52A1DF9C596868A14

* Verify only with gpgv (from gnupg2):

It is not clear from the documentation whether gpgv can verify signed
AND encrypted messages. Use an absolute path to be sure, as relative
pathnames will be handled differently.

/usr/bin/gpgv --status-fd 2 --homedir /proc/self/fd/nonexistent --keyring "${testDir}/Sender/SenderKey.pub" /proc/self/fd/0 < Sender/OutgoingMessage.gpg

[GNUPG:] UNEXPECTED 0
gpgv: verify signatures failed: Unexpected error

* Final checks:

Ensure the default homedir was not created due to an error in the testing protocol:

ls -al -- "${HOME}/.gnupg"
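
The packet listing quoted above (pk_enc followed by encrypted_mdc) shows only encryption packets at the outer layer, so any signature sits inside the ciphertext where a verify-only tool cannot see it. The following Python code is an added example, not part of the original message or of GnuPG: it walks the RFC 4880 packet headers of a message and reports what the outer layer contains. The function names, the labels for tags other than 1 and 18, and the sample bytes are assumptions made for this example.

```python
NAMES = {1: "pk_enc", 2: "sig", 4: "onepass_sig", 8: "compressed",
         11: "plaintext", 18: "encrypted_mdc"}  # labels other than 1/18: ours
ENCRYPTED, SIGNED = {1, 3, 9, 18}, {2, 4}

def _new_length(data, pos):
    """Decode one new-format length: (length, next_pos, is_partial)."""
    first = data[pos]  # an IndexError here means the input is truncated
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body chunk

def top_level_tags(data):
    """Return the tags of the outermost packets, skipping their bodies."""
    tags, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: not an OpenPGP packet header")
        pos += 1
        if ctb & 0x40:  # new format: tag in the low 6 bits
            tag, partial = ctb & 0x3F, True
            while partial:  # partial chunks end with one definite length
                length, pos, partial = _new_length(data, pos)
                pos += length
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            body = int.from_bytes(data[pos:pos + (1 << ltype)], "big")
            pos = len(data) if ltype == 3 else pos + (1 << ltype) + body
        if pos > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def split_names(data):  # names in the style of the listing quoted above
    return [f"{i:06d}-{t:03d}.{NAMES.get(t, 'unknown')}"
            for i, t in enumerate(top_level_tags(data), 1)]

def classify(data):
    tags = set(top_level_tags(data))
    if tags & ENCRYPTED:
        return "encrypted"  # a signature, if any, is inside the ciphertext
    return "signed" if tags & SIGNED else "other"

# Constructed samples, dummy zero bodies: ENC = tags 1, 18; SIG = tags 4, 11, 2.
ENC = b"\x85\x01\x0c" + bytes(268) + b"\xd2\xe9" + bytes(512) + b"\x05" + bytes(5)
SIG = b"\x90\x0d" + bytes(13) + b"\xcb\x06" + bytes(6) + b"\x89\x00\x04" + bytes(4)
```

Run against a real file with classify(open(path, "rb").read()); ASCII-armored input has to be dearmored first.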

