1 |
On 04/05/2017 10:22 PM, Miroslav Rovis wrote: |
2 |
> On 170405-18:01-0400, Fernando Rodriguez wrote: |
3 |
>> Hello, |
4 |
>> |
5 |
>> After a recent update I'm getting this error whenever I try to encrypt |
6 |
>> or decrypt using gnupg. Here's error: |
7 |
>> |
8 |
>>> gpg: selftest for CTR failed - see syslog for details |
9 |
>>> gpg: Ohhhh jeeee: ... this is a bug (seskey.c:61:make_session_key) |
10 |
>>> Aborted |
11 |
>> |
12 |
>> And the syslog: |
13 |
>> |
14 |
>>> gpg[8945]: Libgcrypt warning: AES-CTR-128 test failed (plaintext mismatch) |
15 |
>> |
16 |
>> |
17 |
>> |
18 |
>> It started after a recent update that included gnupg and libgcrypt. The |
19 |
>> versions before the update where libgcrypt-1.7.3 and gnupg-2.1.15. After |
20 |
>> the update 1.7.6 and 2.1.18 respectively. I tried downgrading both |
21 |
>> packages but it didn't help. |
22 |
>> |
23 |
>> I tried to delete the whole ~/.gnupg directory and re-import the keys |
24 |
>> but it fails with the same error. |
25 |
>> |
26 |
>> I have another keyring on the same machine that I use with the --homedir |
27 |
>> option and I have not problems with it. |
28 |
>> |
29 |
>> When I try to generate a new key I get the following error: |
30 |
>> |
31 |
>>> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o |
32 |
>>> We need to generate a lot of random bytes. It is a good idea to perform |
33 |
>>> some other action (type on the keyboard, move the mouse, utilize the |
34 |
>>> disks) during the prime generation; this gives the random number |
35 |
>>> generator a better chance to gain enough entropy. |
36 |
>>> gpg: agent_genkey failed: Missing key |
37 |
>>> Key generation failed: Missing key |
38 |
>>> |
39 |
>>> |
40 |
>> |
41 |
>> Any ideas? |
42 |
> |
43 |
> I tried some decryption. No issues here: |
44 |
> |
45 |
> $ gpg --version |
46 |
> gpg (GnuPG) 2.1.20 |
47 |
> libgcrypt 1.7.6 |
48 |
> Copyright (C) 2017 Free Software Foundation, Inc. |
49 |
> License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> |
50 |
> This is free software: you are free to change and redistribute it. |
51 |
> There is NO WARRANTY, to the extent permitted by law. |
52 |
> |
53 |
> Home: /home/miro/.gnupg |
54 |
> Supported algorithms: |
55 |
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA |
56 |
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, |
57 |
> CAMELLIA128, CAMELLIA192, CAMELLIA256 |
58 |
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 |
59 |
> Compression: Uncompressed, ZIP, ZLIB, BZIP2 |
60 |
> $ |
61 |
> |
62 |
> It could be something else, or your Gnupg installation is somehow |
63 |
> broken... |
64 |
> |
65 |
|
66 |
Thanks. Here's the output of gpg --gen-key --debug-all in case anyone |
67 |
else can help. |
68 |
|
69 |
> $ gpg --gen-key --debug-all |
70 |
> gpg: Note: no default option file '/home/fernan/.gnupg/gpg.conf' |
71 |
> gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc. |
72 |
> This is free software: you are free to change and redistribute it. |
73 |
> There is NO WARRANTY, to the extent permitted by law. |
74 |
> |
75 |
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog |
76 |
> gpg: DBG: [not enabled in the source] start |
77 |
> gpg: directory '/home/fernan/.gnupg' created |
78 |
> gpg: new configuration file '/home/fernan/.gnupg/dirmngr.conf' created |
79 |
> gpg: new configuration file '/home/fernan/.gnupg/gpg.conf' created |
80 |
> gpg: DBG: fd_cache_invalidate (/home/fernan/.gnupg/pubring.kbx) |
81 |
> gpg: DBG: iobuf-1.0: open '/home/fernan/.gnupg/pubring.kbx' desc=file_filter(fd) fd=3 |
82 |
> gpg: DBG: iobuf-1.0: close 'file_filter(fd)' |
83 |
> gpg: DBG: /home/fernan/.gnupg/pubring.kbx: close fd/handle 3 |
84 |
> gpg: DBG: fd_cache_close (/home/fernan/.gnupg/pubring.kbx) new slot created |
85 |
> gpg: DBG: iobuf-*.*: ioctl '/home/fernan/.gnupg/pubring.kbx' invalidate |
86 |
> gpg: DBG: fd_cache_invalidate (/home/fernan/.gnupg/pubring.kbx) |
87 |
> gpg: DBG: did (/home/fernan/.gnupg/pubring.kbx) |
88 |
> gpg: keybox '/home/fernan/.gnupg/pubring.kbx' created |
89 |
> Note: Use "gpg2 --full-gen-key" for a full featured key generation dialog. |
90 |
> |
91 |
> GnuPG needs to construct a user ID to identify your key. |
92 |
> |
93 |
> Real name: fsadfas |
94 |
> Email address: fads@××××.com |
95 |
> You selected this USER-ID: |
96 |
> "fsadfas <fads@××××.com>" |
97 |
> |
98 |
> Change (N)ame, (E)mail, or (O)kay/(Q)uit? o |
99 |
> We need to generate a lot of random bytes. It is a good idea to perform |
100 |
> some other action (type on the keyboard, move the mouse, utilize the |
101 |
> disks) during the prime generation; this gives the random number |
102 |
> generator a better chance to gain enough entropy. |
103 |
> gpg: DBG: chan_4 <- OK Pleased to meet you, process 18814 |
104 |
> gpg: DBG: connection to agent established |
105 |
> gpg: DBG: chan_4 -> RESET |
106 |
> gpg: DBG: chan_4 <- OK |
107 |
> gpg: DBG: chan_4 -> OPTION ttyname=/dev/pts/2 |
108 |
> gpg: DBG: chan_4 <- OK |
109 |
> gpg: DBG: chan_4 -> OPTION ttytype=xterm |
110 |
> gpg: DBG: chan_4 <- OK |
111 |
> gpg: DBG: chan_4 -> OPTION display=:0 |
112 |
> gpg: DBG: chan_4 <- OK |
113 |
> gpg: DBG: chan_4 -> OPTION xauthority=/tmp/xauth-1000-_0 |
114 |
> gpg: DBG: chan_4 <- OK |
115 |
> gpg: DBG: chan_4 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-2FF2vYbCnV,guid=883de1ea15755281b1dbb77b58e64397 |
116 |
> gpg: DBG: chan_4 <- OK |
117 |
> gpg: DBG: chan_4 -> OPTION lc-ctype=en_US.utf8 |
118 |
> gpg: DBG: chan_4 <- OK |
119 |
> gpg: DBG: chan_4 -> OPTION lc-messages=en_US.utf8 |
120 |
> gpg: DBG: chan_4 <- OK |
121 |
> gpg: DBG: chan_4 -> GETINFO version |
122 |
> gpg: DBG: chan_4 <- D 2.1.15 |
123 |
> gpg: DBG: chan_4 <- OK |
124 |
> gpg: DBG: chan_4 -> OPTION allow-pinentry-notify |
125 |
> gpg: DBG: chan_4 <- OK |
126 |
> gpg: DBG: chan_4 -> OPTION agent-awareness=2.1.0 |
127 |
> gpg: DBG: chan_4 <- OK |
128 |
> gpg: DBG: chan_4 -> AGENT_ID |
129 |
> gpg: DBG: chan_4 <- ERR 67109139 Unknown IPC command <GPG Agent> |
130 |
> gpg: DBG: chan_4 -> RESET |
131 |
> gpg: DBG: chan_4 <- OK |
132 |
> gpg: DBG: chan_4 -> GENKEY |
133 |
> gpg: DBG: chan_4 <- S INQUIRE_MAXLEN 1024 |
134 |
> gpg: DBG: chan_4 <- INQUIRE KEYPARAM |
135 |
> gpg: DBG: chan_4 -> D (genkey(rsa(nbits 4:2048))) |
136 |
> gpg: DBG: chan_4 -> END |
137 |
> gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 18816 |
138 |
> gpg: DBG: chan_4 -> END |
139 |
> gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 18819 |
140 |
> gpg: DBG: chan_4 -> END |
141 |
> gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 18823 |
142 |
> gpg: DBG: chan_4 -> END |
143 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 99 128 |
144 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 120 128 |
145 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 126 128 |
146 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 128 128 |
147 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
148 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
149 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
150 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
151 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
152 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
153 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
154 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
155 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
156 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
157 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
158 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
159 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
160 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
161 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
162 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
163 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
164 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
165 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
166 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
167 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
168 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
169 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
170 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
171 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
172 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
173 |
> gpg: DBG: chan_4 <- S PROGRESS primegen X 100 100 |
174 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 79 128 |
175 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 116 128 |
176 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 125 128 |
177 |
> gpg: DBG: chan_4 <- S PROGRESS need_entropy X 128 128 |
178 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
179 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
180 |
> gpg: DBG: chan_4 <- S PROGRESS primegen . 0 0 |
181 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
182 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
183 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
184 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
185 |
> gpg: DBG: chan_4 <- S PROGRESS primegen + 0 0 |
186 |
> gpg: DBG: chan_4 <- S PROGRESS primegen X 100 100 |
187 |
> gpg: DBG: chan_4 <- ERR 16777397 Missing key <gcrypt> |
188 |
> gpg: agent_genkey failed: Missing key |
189 |
> Key generation failed: Missing key |
190 |
> gpg: DBG: [not enabled in the source] stop |
191 |
> gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 |
192 |
> outmix=0 getlvl1=0/0 getlvl2=0/0 |
193 |
> gpg: secmem usage: 1344/65536 bytes in 2 blocks |
194 |
|
195 |
It appears to be related to libgcrypt but I have no clue where to go |
196 |
from here. I'm using the same versions I was using a few days ago when |
197 |
it was working. I also downgraded libgpg-error to 1.24, that's the only |
198 |
libgcrypt dependency that was updated so I'm not sure what else could be |
199 |
affecting it. |
200 |
|
201 |
-- |
202 |
|
203 |
Fernando Rodriguez |