Hello List,

Just for the records: a gnupg2 "ERROR key_generate 33554531" is fixed by sending "%no-protection" via the command-fd. It seems that a password-less key was generated with gpg1 just by not setting a password. With gnupg2 this command is needed.

@Devs: It would be really nice to issue a message like "Refusing to create unprotected key, use %no-protection if you know what you are doing". Would have helped saving quite some time.

Just to continue the gpg1 -> gpg2 migration error message guessing game: what might be the issue with this command?

/usr/bin/gpg --no-options --batch --no-default-keyring --homedir [some-home] --keyring key.pub --lock-never --trust-model always --status-fd 2 --verify 4b7b830243078d63.gpg
[GNUPG:] UNEXPECTED 0
gpg: verify signatures failed: Unexpected error
[GNUPG:] FAILURE verify 38

With gpg1 a similar command should have verified, that the signature is exactly from the single public key stored in "key.pub".

Best regards,
Roman

> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of
>
> Hello list,
>
> I am attempting to upgrade software to use gpg2 instead of gpg. After fixing
> the usual "Inappropriate ioctl for device" and "Sorry, we are in batchmode -
> can't get input" messages and applying all the gpg_agent security
> workarounds, I am now stuck at this sequence:
>
> The key generation command
>
> ['/usr/bin/gpg', '--homedir', '/tmp/tmp-3abk6l8', '--with-colons', '--status-fd', '2', '--pinentry-mode', 'loopback', '--batch', '--gen-key', '--command-fd', '0']
>
> with the security-sensitive passphrase-input via the command-fd
>
> b'%echo Generating key\nKey-Type: RSA\nKey-Length: 1024\nSubkey-Type: ELG-E\nSubkey-Length: 1024\nName-Real: AutomationKey\nExpire-Date: 0\n%commit\n',
>
> will generate following output:
>
> gpg: keybox '/tmp/tmp-3abk6l8/pubring.kbx' created
> gpg: Generating key
> [GNUPG:] INQUIRE_MAXLEN 100
> [GNUPG:] GET_HIDDEN passphrase.enter
> [GNUPG:] GOT_IT
> gpg: agent_genkey failed: Operation cancelled
> gpg: key generation failed: Operation cancelled
> [GNUPG:] ERROR key_generate 33554531
> [GNUPG:] KEY_NOT_CREATED
>
> It seems that agent and gpg are going through some "brain-split" episode as
> the errors seem to indicate, that everyone is thinking the other party
> canceled the transfer. The strace indicates, that gnupg itself sends the
> "cancel" request to the agent and is astonished by the result - it cannot even
> give a meaningful error message about the current condition. As there is no
> other syscall activity, all the reasons for have to be in gpg2.
>
> 2138 write(2, "[GNUPG:] INQUIRE_MAXLEN 100", 27) = 27
> 2138 write(2, "\n", 1) = 1
> 2138 write(2, "[GNUPG:] GET_HIDDEN passphrase.enter", 36) = 36
> 2138 write(2, "\n", 1) = 1
> 2138 read(0, "", 1) = 0
> 2138 write(2, "[GNUPG:] GOT_IT", 15) = 15 --- not knowing what gnupg successfully got here as there is no passphrase to read
> 2138 write(2, "\n", 1) = 1
> 2138 write(3, "CAN", 3) = 3 --- Gnupg sending cancel
> 2138 write(3, "\n", 1) = 1
> 2138 read(3, <unfinished ...>
> 2142 read(9, "CAN\n", 1002) = 4 --- Agent reading cancel
> 2142 getpid() = 2141
> 2142 write(2, "gpg-agent[2141]: command 'GENKEY' failed: IPC call has been cancelled", 69) = 69
> 2142 write(2, "\n", 1) = 1
> 2142 write(9, "ERR 67109141 IPC call has been cancelled <GPG Agent>", 52) = 52 --- Agent telling gnupg about cancel
> 2138 <... read resumed> "ERR 67109141 IPC call has been cancelled <GPG Agent>", 1002) = 52 -- gpg reading cancel
> 2138 read(3, <unfinished ...>
> 2142 write(9, "\n", 1) = 1
> 2138 <... read resumed> "\n", 950) = 1
> 2138 write(2, "gpg: agent_genkey failed: Operation cancelled", 45) = 45
> 2138 write(2, "\n", 1) = 1
> 2138 write(2, "gpg: key generation failed: Operation cancelled", 47) = 47
> 2138 write(2, "\n", 1) = 1
> 2138 write(2, "[GNUPG:] ERROR key_generate 33554531", 36) = 36
> 2138 write(2, "\n", 1) = 1
> 2138 write(2, "[GNUPG:] KEY_NOT_CREATED ", 25) = 25
> 2138 write(2, "\n", 1) = 1
> 2138 read(0, "", 8192) = 0
> 2138 munmap(0x7faad0a44000, 65536) = 0
> 2138 exit_group(2) = ?
> 2138 +++ exited with 2 +++
>
> Does someone know how to fix that?
>
> Kind regards, Roman

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
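
The following is an added example, not part of the original post or of GnuPG: it sends the batch parameters from the thread with the %no-protection line included and decodes the numeric codes from the status-fd lines into a libgpg-error source and description. The function names, the 3072-bit default, the omitted subkey and the lookup tables (limited to values quoted in the thread) are assumptions made for the example.

```python
import subprocess
import tempfile

# libgpg-error packs a source (bits 24-30) and a code (low 16 bits) into one
# number. Only the values that appear in this thread are listed here.
SOURCES = {0: "unspecified", 2: "gpg", 4: "gpg-agent"}
CODES = {38: "Unexpected error", 99: "Operation cancelled",
         277: "IPC call has been cancelled"}

def decode_gpg_error(value):
    """Split a status-fd error number into (source, description)."""
    source, code = (value >> 24) & 0x7F, value & 0xFFFF
    return SOURCES.get(source, str(source)), CODES.get(code, str(code))

def keygen_params(name="AutomationKey", bits=3072, protect=False):
    """Batch parameters; bits=3072 is an assumption (the post used 1024)."""
    lines = ["%echo Generating key", "Key-Type: RSA", f"Key-Length: {bits}",
             f"Name-Real: {name}", "Expire-Date: 0"]
    if not protect:
        lines.append("%no-protection")  # gpg2 needs this for a key without passphrase
    lines.append("%commit")
    return ("\n".join(lines) + "\n").encode()

def parse_status(text):
    """Return (fingerprint or None, [(location, source, description), ...])."""
    fingerprint, errors = None, []
    for line in text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable stderr shares fd 2 with the status lines
        fields = line.split()[1:] or [""]
        if fields[0] == "KEY_CREATED" and len(fields) >= 3:
            fingerprint = fields[2]
        elif fields[0] in ("ERROR", "FAILURE") and len(fields) >= 3:
            errors.append((fields[1], *decode_gpg_error(int(fields[2]))))
    return fingerprint, errors

def generate_key(homedir, gpg="/usr/bin/gpg"):
    """Run the key generation command from the post (requires gpg2)."""
    argv = [gpg, "--homedir", homedir, "--with-colons", "--status-fd", "2",
            "--pinentry-mode", "loopback", "--batch", "--gen-key",
            "--command-fd", "0"]
    proc = subprocess.run(argv, input=keygen_params(), stderr=subprocess.PIPE)
    return parse_status(proc.stderr.decode(errors="replace"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # created with mode 0700
        print(generate_key(home))
```

A key generated this way is stored without passphrase protection, so the homedir permissions are the only thing guarding the secret key material.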