Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages
Closed, Resolved · Public

Description

Any operation with the above configuration results in various errors, for example:

$ gpg --quick-gen-key --batch --passphrase '' sig_key
[...]
gpg: RNG is not compliant with --compliance=de-vs mode
gpg: signing failed: Forbidden
gpg: make_keysig_packet failed: Forbidden
gpg: key generation failed: Forbidden

If I read the code right, this is not caused by the non-compliant RNG, but by the non-compliant libgcrypt version 1.9.0+, which still does not have a de-vs compliance certificate. This is mentioned in the comments of both gnupg and libgcrypt, but is not clear from the messages.

I am not sure if there is a better way to report a more descriptive error from this place in the code, as I am not very familiar with it, but if there were, it would cause less confusion for users (at least until libgcrypt has the certs).

Event Timeline

werner claimed this task.
werner edited projects, added Not A Bug; removed Bug Report.
werner added a subscriber: werner.

The first is a warning and the other error codes are exactly what we want.