Question on Kyber Encryption (Key Gen)
Vincent Cozzo
cozzovj at gmail.com
Mon Oct 28 17:25:07 CET 2024
Hey all,
I do have an update on this effort, though to make a long story short,
"the code works and I don't know why."
When I try to install gpg 2.5.1 "system-wide," the executables end up
in /usr/local/bin. This sounds fine and normal, but in this state, I
encounter two problems:
1. the prior error regarding "invalid public key alg" and even the
gpgconf error persist;
2. when I try to do an `apt update`, the package manager gets confused
and says "Unknown error executing apt-key." Thankfully, I can remedy
this error by overwriting the /usr/local/bin executables with version
2.4.5 of the library.
If I try setting the GNUPGHOME variable (which is something I admit I
do not fully understand) and then copy the "pinentry" binaries to the
right directory, the system actually works and generates a Kyber key
-- and encryption/decryption appears to work when selecting that
subkey!
In any case, thank you so much.
-Vince
On Thu, Oct 24, 2024 at 5:50 AM NIIBE Yutaka <gniibe at fsij.org> wrote:
>
> Hello,
>
> Vincent Cozzo wrote:
> > So, the first `agent_genkey` call works just fine (`err` code is
> > zero), but the subsequent agent_genkey returns `16777220`...
> [...]
> > So there is very possibly a problem with how I installed the new
> > binary. In full disclosure, I tried to "compile" the GnuPG binaries
> > without "installing" them, which might be the root cause of my errors.
>
> I think that this is the case. In this case, as the function name
> suggests (agent_genkey), it is actually the gpg-agent which uses
> libgcrypt for key generation. If your gpg-agent is using the old
> version of libgcrypt, it fails.
>
> For testing, you can invoke a shell under gpg-agent by doing like:
>
> $ export GNUPGHOME=$(mktemp -d)
> $ LD_LIBRARY_PATH=<the-path-to-new-libgcrypt> gpg-agent --daemon /bin/bash
> [...]
> $ gpg ...
> $ exit
>
> Then, following gpg invocations will connect to the agent which
> runs with the LD_LIBRARY_PATH specified.
> --
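
Decoding the `16777220` value quoted above, as an added example that is not part of either message or of GnuPG's code: the bit layout follows libgpg-error's `gpg-error.h`, the name tables are a small subset of the real ones, and the function names `decode` and `make_error` are my own.

```python
# Added example: split a libgpg-error value into its source and code fields.
# Layout as in gpg-error.h: error code in the low 16 bits, error source in
# bits 24-30. Bit 15 of the code marks a wrapped errno value.
GPG_ERR_CODE_MASK = 0xFFFF
GPG_ERR_SOURCE_SHIFT = 24
GPG_ERR_SOURCE_MASK = 0x7F
GPG_ERR_SYSTEM_ERROR = 1 << 15

# Subset of the real tables, limited to what this thread touches.
SOURCES = {
    0: "GPG_ERR_SOURCE_UNKNOWN",
    1: "GPG_ERR_SOURCE_GCRYPT",
    2: "GPG_ERR_SOURCE_GPG",
    4: "GPG_ERR_SOURCE_GPGAGENT",
    5: "GPG_ERR_SOURCE_PINENTRY",
}
CODES = {
    0: "GPG_ERR_NO_ERROR",
    1: "GPG_ERR_GENERAL",
    4: "GPG_ERR_PUBKEY_ALGO",  # "Invalid public key algorithm"
}


def decode(err):
    """Return the source/code fields of a gpg_error_t style integer."""
    source = (err >> GPG_ERR_SOURCE_SHIFT) & GPG_ERR_SOURCE_MASK
    code = err & GPG_ERR_CODE_MASK
    return {
        "source": source,
        "source_name": SOURCES.get(source, "source %d (not in subset)" % source),
        "code": code,
        "code_name": CODES.get(code, "code %d (not in subset)" % code),
        "wraps_errno": bool(code & GPG_ERR_SYSTEM_ERROR),
    }


def make_error(source, code):
    """Inverse of decode(): pack a source and a code into one integer."""
    if code == 0:
        return 0  # success carries no source
    return ((source & GPG_ERR_SOURCE_MASK) << GPG_ERR_SOURCE_SHIFT) | (
        code & GPG_ERR_CODE_MASK
    )


if __name__ == "__main__":
    # The value returned by the second agent_genkey call in the thread.
    print(decode(16777220))
```

The source field comes out as libgcrypt and the code as the "invalid public key alg" error from the first message, which fits the diagnosis that the agent was running against an older libgcrypt.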