gpg-agent fails when adding a RSA ssh key

Werner Koch wk at
Thu May 18 17:43:55 CEST 2006

"Stewart Wright" <svwright.lists at> writes:

> I've just submitted this to the BTS (#657) but I thought I'd send it here too.


> * How-To-Repeat:
>   eval `gpg-agent --enable-ssh-support --daemon`
>   ssh-add rsa_4096

gpg-agent ran out of secure memory. You won't see the error message
because it just goes to stderr.  The reason for this is that we won't
be able to log a proper error message if we are short of memory.  Well
in the case of secure memory, this is wrong and we could do a proper
diagnostic.  Will be changed in Libgcrypt.

A workaround is to change in gnupg/agent/gpg-agent.c the line

  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);

to something like 32768 or even more. I think we should do this in all
cases.  I have not tested this but it is pretty obvious. 

There is also another bug.  Deep inside of libgcrypt an xrealoc is
used but we should not do this and return an error.  Will be fixed.



More information about the Gnupg-devel mailing list