Page MenuHome GnuPG

Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages
Closed, ResolvedPublic


Any operation with the above configuration results in various errors, for example:

$ gpg --quick-gen-key --batch --passphrase '' sig_key
gpg: RNG is not compliant with --compliance=de-vs mode
gpg: signing failed: Forbidden
gpg: make_keysig_packet failed: Forbidden
gpg: key generation failed: Forbidden

If I read the code right, this is not caused by the non-compliant RNG, but with the non-compliant libgcrypt version 1.9.0+, which still does not have de-vs compliance certificate. This is mentioned in the comments of both gnupg and libgcrypt, but not clear from the messages.

I am not sure if there is a better way to report a more descriptive error from this place of the code as I am not very familiar with that, but if it would be, it would cause less confusion for users (at least until the libgcrypt will have the certs).

Event Timeline

werner claimed this task.
werner edited projects, added Not A Bug; removed Bug Report.
werner added a subscriber: werner.

The first is a warning and the other error codes are exactly what we want.