Error using GPG2 in FIPS mode
arian.sameni at gmail.com
Wed Jun 29 12:46:25 CEST 2011
I'm having some trouble trying to use GnuPG2 with FIPS mode enabled*.
For example, when invoking --gen-key I get the following error:

    Ohhhh jeeee: cipher 3 not found
    fatal error in libgcrypt, file misc.c, line 137, function _gcry_logv:
    internal error (fatal or bug)

And when trying to encrypt:

    gpg: no valid OpenPGP data found.
    gpg: processing message failed: Unknown system error

Even --help fails:

    Ohhhh jeeee: secure memory is disabledfatal error in libgcrypt, file
    misc.c, line 137, function _gcry_logv: internal error (fatal or bug)

I'm using GnuPG 2.0.17 with libgcrypt 1.4.6, both compiled from source.
When FIPS is not enabled, everything works OK. Also, generating a key in
batch mode with FIPS enabled works too. Even a small program I made ex
profeso while checking this, that uses libgcrypt's gcry_random_bytes()
with FIPS enabled, works.

Am I missing something here? Is there any kind of restriction in FIPS
about interactive usage, or something like that? Isn't gnupg aware of
FIPS yet? Or is it just some kind of bug?

*I've tried both echoing 1 to the FIPS_FORCE_FILE
(/etc/gcrypt/fips_enabled) and editing gnupg-2.0.17/g10/gpg.c so that it
calls gcry_control (GCRYCTL_FORCE_FIPS_MODE); before all other
initialization. Both fail.