gpg: key generation failed: Corrupted protection
Open, NormalPublic

Description

Got the following error while running RNP's CI:

2021-02-19T11:41:44.3019208Z test_generate_elgamal_key1024_in_gpg_and_encrypt (__main__.EncryptElgamal) ... C:/Program Files/Git/usr/bin/gpg.exe --gen-key --expert --batch --pinentry-mode loopback --homedir /C/Users/RUNNER~1/AppData/Local/Temp/rnpctmpgmambep0/.gpg --yes --passphrase password
2021-02-19T11:41:44.3021083Z Working directory: D:\a\rnp\rnp\build\src\tests
2021-02-19T11:41:44.3021748Z gpg: signing failed: Corrupted protection
2021-02-19T11:41:44.3022409Z gpg: make_keysig_packet failed: Corrupted protection
2021-02-19T11:41:44.3023141Z gpg: key generation failed: Corrupted protection

Also, rarely we got the following error, which may be related: https://github.com/rnpgp/rnp/issues/1379

It was run under GHA/Windows x64:
Environment: windows-2019
Version: 20210211.1
Included Software: https://github.com/actions/virtual-environments/blob/win19/20210211.1/images/win/Windows2019-Readme.md

Details

Version
2.2.25

Attaching the full log:

Hm, got something similar on macOS runner as well (however, in this case secret key is generated by RNP, and then successfully imported by GPG) :

2021-02-19T10:49:42.8239220Z /tmp/rnp-local-installs/gpg-install/bin/gpg --homedir /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/rnpctmp3ciohli5/.gpg --pinentry-mode=loopback --batch --yes --passphrase key2pass --trust-model always -o /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/rnpctmp3ciohli5/cleartext.dec -d /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/rnpctmp3ciohli5/cleartext.rnp
2021-02-19T10:49:42.8240980Z gpg: AES256.CFB encrypted session key
2021-02-19T10:49:42.8241480Z gpg: encrypted with 1 passphrase
2021-02-19T10:49:42.8242430Z gpg: encrypted with 1024-bit RSA key, ID 23295470BD33EA4A, created 2021-02-19
2021-02-19T10:49:42.8243090Z       "key2@rnp"
2021-02-19T10:49:42.8243580Z gpg: public key decryption failed: Corrupted protection
2021-02-19T10:49:42.8244650Z gpg: encrypted with 1024-bit RSA key, ID 3A9FE68E283F7439, created 2021-02-19
2021-02-19T10:49:42.8245220Z       "key1@rnp"
2021-02-19T10:49:42.8245690Z gpg: public key decryption failed: Bad passphrase
2021-02-19T10:49:42.8246250Z gpg: decryption failed: Bad session key

Didn't happen before, and actually happens on PR which just changes documentation.

werner added a subscriber: werner.Sat, Feb 20, 12:40 PM

Plesae run gpg with the option --verbose and put

log-file /somewhere/log.txt
verbose
debug ipc
debug-pinentry

into gpg-agent.conf. Restart gpg-agent. Is this the standard installer we provide for gnupg?

werner triaged this task as Normal priority.Tue, Feb 23, 9:07 AM
werner added a project: Info Needed.

Hi Werner,
Thanks for the reply. Will try to reproduce this and get back to you. Our CI wasn't have an option to upload artifacts in case of failure.

Not sure, but looks like GnuPG was preinstalled together with Git for Windows:

  • Found GnuPG: C:/Program Files/Git/usr/bin/gpg.exe (found suitable version "2.2.25", minimum required is "2.2")

Can you please run

gpgconf --show-versions

Sure, here is output:

2021-02-24T20:19:46.8671882Z + gpgconf --show-versions
2021-02-24T20:19:49.6868215Z * GnuPG 2.2.25-unknown (0000000)
2021-02-24T20:19:49.6871468Z MSYS
2021-02-24T20:19:49.6888515Z 
2021-02-24T20:19:49.6889344Z * Libgcrypt 1.8.7 (baacfb40)
2021-02-24T20:19:49.6889956Z version:1.8.7:10807:1.39-unknown:12700:
2021-02-24T20:19:49.6890454Z cc:90300:gcc:9.3.0:
2021-02-24T20:19:49.6891633Z ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:chacha20:
2021-02-24T20:19:49.6892539Z pubkeys:dsa:elgamal:rsa:ecc:
2021-02-24T20:19:49.6893424Z digests:crc:gostr3411-94::md4:md5:rmd160:sha1:sha256:sha512:sha3:tiger:whirlpool:stribog:blake2:
2021-02-24T20:19:49.6894177Z rnd-mod:linux:
2021-02-24T20:19:49.6894666Z cpu-arch:x86:
2021-02-24T20:19:49.6895791Z mpi-asm:generic/mpih-add1.c:generic/mpih-sub1.c:generic/mpih-mul1.c:generic/mpih-mul2.c:generic/mpih-mul3.c:generic/mpih-lshift.c:generic/mpih-rshift.c:
2021-02-24T20:19:49.6897734Z hwflist:intel-cpu:intel-fast-shld:intel-bmi2:intel-ssse3:intel-sse4.1:intel-pclmul:intel-aesni:intel-rdrand:intel-avx:intel-avx2:intel-fast-vpgather:intel-rdtsc:
2021-02-24T20:19:49.6898968Z fips-mode:n:n:
2021-02-24T20:19:49.6899492Z rng-type:standard:1:2010000:1:
2021-02-24T20:19:49.6899888Z 
2021-02-24T20:19:49.6900359Z * GpgRT 1.41-unknown (0000000)
2021-02-24T20:19:49.6900739Z 
2021-02-24T20:19:49.6901208Z * Libassuan 2.5.4-unknown (0000000)
2021-02-24T20:19:49.6901605Z 
2021-02-24T20:19:49.6902048Z * KSBA 1.4.0-unknown (?)
2021-02-24T20:19:49.6902420Z 
2021-02-24T20:19:49.6902843Z * GNUTLS 3.6.15

MSYS builds are not supported. All kind of stuff may go wrong. Just don't use it. Please use the standard installer as listed at gnupg.org or install gpg4win (which includes this installer).

Thanks for the information!
We'll update our CI.