
Error when generating keys in a headless environment
Closed, Resolved (Public)

Description

I tried to generate my keys in a headless environment using this command:

gpg --full-gen-key --debug-all

At first, I got this error:

https://bugs.archlinux.org/task/29199

I thought I had fixed the problem with the pinentry-program
/usr/bin/pinentry-curses line in my gpg-agent.conf file but I got another error:

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat
trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_4 <- OK Pleased to meet you, process 12393
gpg: DBG: connection to agent established
gpg: DBG: chan_4 -> RESET
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION ttyname=/dev/tty1
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION ttytype=linux
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION lc-ctype=C
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION lc-messages=C
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION allow-pinentry-notify
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> AGENT_ID
gpg: DBG: chan_4 <- ERR 67109139 Unknown IPC command <GPG Agent>
gpg: DBG: chan_4 -> RESET
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> GENKEY
gpg: DBG: chan_4 <- S INQUIRE_MAXLEN 1024
gpg: DBG: chan_4 <- INQUIRE KEYPARAM
gpg: DBG: chan_4 -> D (genkey(rsa(nbits 4:2048)))
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 12396
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- ERR 83886179 Operation cancelled <Pinentry>
gpg: agent_genkey failed: Operation cancelled
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 1344/32768 bytes in 2 blocks

It seems related to pinentry but the error message only states that pinentry
cancelled the key generation without any further details.

Details

External Link
https://bugs.archlinux.org/task/29199
Version
0.9.1

Event Timeline

fleblanc set Version to 2.1.6.
fleblanc set External Link to https://bugs.archlinux.org/task/29199.
fleblanc added a subscriber: fleblanc.
werner lowered the priority of this task from High to Normal. Aug 11 2015, 10:04 AM
werner added a subscriber: werner.

Which pinentry version are you using?

Please update to pinentry 0.95 and try again. You may also use the gpg-agent
option --debug-pinentry which shows the communication between gpg-agent and
pinentry.

I compiled pinentry version 0.9.5 and tried to regenerate my keys. The good news
is that the curses window appeared and I could enter my passphrase. The bad news
is that after I entered the passphrase (with the repetition), the program
froze, not returning any prompt and not giving any sign of life (I checked with
top to be sure and nothing).

Also, when I tried to use the --debug-pinentry, gpg didn't recognize it as a
valid argument. I use gpg 2.1.6.

werner added a subscriber: neal.

--debug-pinentry is an option for the gpg-agent. Thus put the line

debug-pinentry

into gpg-agent.conf and make sure that there is also a log-file option.

Here is the content of my gpg-agent.conf:
debug-pinentry
log-file /home/fxleblanc/gpg-errors.txt
pinentry-program /usr/bin/pinentry-curses

Here is the content of my log file:
gpg: reading options from '/home/fxleblanc/.gnupg/gpg.conf'
gpg (GnuPG) 2.1.6; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat
trust hashing cardio ipc clock lookup extprog

gpg: signal Interrupt caught ... exiting

I interrupted the program because it wasn't doing anything after I entered my
passphrase.

I can't reproduce this. I'm using pinentry 0.9.5 and GnuPG from git. When I
generate a key, it takes nearly 3 minutes for GnuPG to gather the required
amount of entropy, but it eventually returns. Attaching to gpg-agent using gdb,
it appears that gpg-agent is "stuck" in the generate key function:

  #9  0x00007f13a08da9ce in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
  (gdb) 
  #10 0x00007f13a08ca2db in gcry_pk_genkey ()
     from /lib/x86_64-linux-gnu/libgcrypt.so.20
  (gdb) 
  #11 0x000000000041f51f in agent_genkey (ctrl=0x1b69e80, cache_nonce=0x0, 
      keyparam=0x7f1398001e70 "(genkey(rsa(nbits 4:1024)))", keyparamlen=27, 
      no_protection=0, override_passphrase=0x0, preset=0, outbuf=0x7f139fccfdb0)
      at ../../../gnupg/agent/genkey.c:479
  479	  rc = gcry_pk_genkey (&s_key, s_keyparam );

So, I seriously doubt that this is a problem with pinentry. And also I doubt
that it is a problem with GnuPG. Most likely, you need to wait for the system
to generate more entropy.

If you think gpg or gpg-agent is really hung, it would be nice if you could use
gdb to attach and then get a backtrace and post that here.

Thanks!

Neal

Hi Neal, you are right about the entropy. I thought it was gpg but I think it's
because my system is too minimal to produce enough entropy. I finally decided to
generate my keys in another machine and transfer them to my minimal
installation. Now it works perfectly, with pinentry 0.9.5.

Thanks for your help,

Regards,

Felix
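
Added example, not part of the original thread or of GnuPG's code: the two numeric ERR replies in the debug trace from the description can be split into the component that raised the error and the error code, and paired with the command gpg had sent. The lookup tables are a deliberately partial subset of libgpg-error's, and the function names are hypothetical.

```python
import re

# A libgpg-error value packs two fields into one integer:
# bits 0-15 hold the error code, bits 24-30 the error source.
CODE_MASK, SOURCE_SHIFT, SOURCE_MASK = 0xFFFF, 24, 0x7F

# Partial lookup tables (subset of libgpg-error; only what this trace needs).
SOURCES = {4: "GPG Agent", 5: "Pinentry"}
CODES = {99: "GPG_ERR_CANCELED", 275: "GPG_ERR_ASS_UNKNOWN_CMD"}

SENT = re.compile(r"chan_\d+ -> (\S+)")
ERR = re.compile(r"chan_\d+ <- ERR (\d+)")

# Excerpt of the debug trace quoted in the report above.
SAMPLE_TRACE = """\
gpg: DBG: chan_4 -> AGENT_ID
gpg: DBG: chan_4 <- ERR 67109139 Unknown IPC command <GPG Agent>
gpg: DBG: chan_4 -> GENKEY
gpg: DBG: chan_4 <- INQUIRE KEYPARAM
gpg: DBG: chan_4 -> D (genkey(rsa(nbits 4:2048)))
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 12396
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 <- ERR 83886179 Operation cancelled <Pinentry>
"""

def decode(value):
    """Split a numeric gpg-error value into (source, code)."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK

def failed_commands(trace):
    """Pair every ERR reply with the command gpg had sent before it."""
    command, failures = None, []
    for line in trace.splitlines():
        sent = SENT.search(line)
        if sent:
            # D/END/CAN answer an INQUIRE; they are not commands of their own.
            if sent.group(1) not in ("D", "END", "CAN"):
                command = sent.group(1)
            continue
        err = ERR.search(line)
        if err:
            source, code = decode(int(err.group(1)))
            failures.append((command, SOURCES.get(source, source),
                             code, CODES.get(code, "unknown")))
    return failures

if __name__ == "__main__":
    print(failed_commands(SAMPLE_TRACE))
```

The `gpg-error` command-line tool that ships with libgpg-error performs the same split for a single value.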