
GnuPG should verify --homedir option before creating a key
Closed, WontfixPublic

Description

Good Day

I'm helping at Debian checking the state of some bugs, and we found a bug
concerning gnupg.

-- Start of forwarded bug --

Package: gnupg
Version: 1.4.12
Severity: normal

For a quick test, I needed to generate a temporary GPG key. I started
with "gpg --homedir /tmp/gpg-temp --gen-key". This walked me all the
way through the key generation process, including lengthy entropy
collection, before erroring out because the directory didn't exist (I'd
expected gpg to create it):

/tmp$ gpg --homedir /tmp/gpg-temp --gen-key
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyblock resource `/tmp/gpg-temp/secring.gpg': file open error
gpg: keyblock resource `/tmp/gpg-temp/pubring.gpg': file open error
Please select what kind of key you want:

(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)

Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.

   0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years

Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:

    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Real Name
Email address: email@example.org
Comment:
You selected this USER-ID:

    "Real Name <email@example.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 116 more bytes)
....+++++
+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 112 more bytes)
..+++++
gpg: no writable public keyring found: eof
Key generation failed: eof
gpg: can't create `/tmp/gpg-temp/random_seed': No such file or directory

-- End of forwarded bug --

Hope this can be fixed soon. Thanks.

Details

Version
1.4.12

Event Timeline

gatuno added projects: gnupg, Bug Report.
gatuno added a subscriber: gatuno.

Yeah, I remember that I was hit by this bug myself. I am not sure whether it
shall be fixed in 1.4. For interactive use gpg2 is better suited.

I think it should be fixed in the 1.4 series, because it just wastes entropy
making a key. OR maybe gnupg should create the home dir if it doesn't exist; if
that fails, exit with an error code.

GnuPG creates the default home but not one given by the user.

Ok, then just check if the home given by the user exists; if not, then exit.
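A pre-flight check of the kind the comment above asks for, added here as an example (it is not GnuPG's own code): verify a user-supplied --homedir before key generation starts, so the failure surfaces immediately rather than after entropy collection, and create the directory owner-only if it is absent. The function names are hypothetical; the `stat -c` / `stat -f` pair covers the GNU and BSD spellings.

```shell
#!/bin/sh
# Added example, not part of GnuPG. Fail fast on a missing or unsafe
# --homedir instead of discovering the problem after entropy collection.
#   gpg_homedir_check DIR    -> status 0 if DIR is usable, 1 otherwise
#   gpg_homedir_prepare DIR  -> create DIR with mode 0700 if absent, then check
#   gpg_gen_key_in DIR       -> run key generation only after the checks pass

gpg_homedir_check() {
    dir=$1
    # Must be an existing directory, not a symlink or a regular file.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "gpg homedir '$dir' does not exist or is not a directory" >&2
        return 1
    fi
    # gpg has to write keyrings, random_seed and lock files in here.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "gpg homedir '$dir' is not writable" >&2
        return 1
    fi
    # Keyring data is sensitive: refuse a directory that others can read.
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    case $mode in
        700|1700) ;;   # owner-only (optionally sticky) is what gpg expects
        *) echo "gpg homedir '$dir' has mode $mode; expected 700" >&2
           return 1 ;;
    esac
    return 0
}

gpg_homedir_prepare() {
    dir=$1
    # umask 077 so the new directory is owner-only from the start.
    [ -d "$dir" ] || (umask 077 && mkdir -p "$dir") || return 1
    gpg_homedir_check "$dir"
}

gpg_gen_key_in() {
    dir=$1
    gpg_homedir_prepare "$dir" || return 1
    gpg --homedir "$dir" --gen-key
}
```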

For what it is worth, this does not appear to be an issue for GnuPG 2.1.x. If
the specified home directory does not exist, GnuPG quickly fails:

$ gpg2 --homedir /tmp/gpg-temp --gen-key
gpg (GnuPG) 2.1.10-beta132; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: keyblock resource '/tmp/gpg-temp/pubring.kbx': No such file or directory
Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Foo
Name must be at least 5 characters long
Real name: Foobar
Email address:
You selected this USER-ID:

    "Foobar"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: failed to create temporary file
'/tmp/gpg-temp/.#lk0x00000000017158f0.grit.10925': No such file or directory
gpg: can't connect to the agent: No such file or directory
gpg: agent_genkey failed: No agent running
Key generation failed: No agent running

marcus claimed this task.
marcus added a subscriber: marcus.

Werner said:

GnuPG tries to create its _default_ home directory because this is the common case. Creating a home directory in every case would clutter the disk with gnupg related data which may even be sensitive.

Closing as wontfix.