Error using GPG2 in FIPS mode

Arian Sameni arian.sameni at gmail.com
Wed Jun 29 12:46:25 CEST 2011


Hi everybody,

I'm having some trouble trying to use GnuPG2 with FIPS mode enabled*.

For example, when invoking --gen-key I get the following error:
---
Ohhhh jeeee: cipher 3 not found
fatal error in libgcrypt, file misc.c, line 137, function _gcry_logv: 
internal error (fatal or bug)
Aborted
---

And when trying to encrypt:
---
gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error
---

Even --help fails:
---
Home: ~/.gnupg
Supported algorithms:
Ohhhh jeeee: secure memory is disabledfatal error in libgcrypt, file 
misc.c, line 137, function _gcry_logv: internal error (fatal or bug)
Aborted
---

I'm using GnuPG 2.0.17 with libgcrypt 1.4.6, both compiled from source.
When FIPS is not enabled, everything works OK. Also, generating a key in 
batch mode with FIPS enabled works too. Even a small program I made ex 
profeso while checking this, that uses libgcrypt's gcry_random_bytes() 
with FIPS enabled, works.

Am I missing something here? Is there any kind of restriction in FIPS 
about interactive usage, or something like that? Isn't gnupg aware of 
FIPS yet? Or is it just some kind of bug?

Thanks.

*I've tried both echoing 1 to the FIPS_FORCE_FILE 
(/etc/gcrypt/fips_enabled) and editing gnupg-2.0.17/g10/gpg.c so that it 
calls gcry_control (GCRYCTL_FORCE_FIPS_MODE); before all other 
initialization. Both fail.
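
An added illustration, not part of the original post and not GnuPG or libgcrypt code: a shell check for the two file-based FIPS triggers the footnote touches on. It assumes libgcrypt's startup behaviour of testing the FIPS_FORCE_FILE for existence only and reading the kernel flag in /proc/sys/crypto/fips_enabled as a number; the function name and output labels are invented for this example.

```shell
#!/bin/sh
# Report which file-based trigger would put libgcrypt into FIPS mode.
# Both paths are parameters so the check can be pointed at a chroot or at
# test files; the defaults are the locations consulted at initialization.
# A program that calls gcry_control (GCRYCTL_FORCE_FIPS_MODE) itself is
# not visible to this check.

gcrypt_fips_trigger() {
    force_file=${1:-/etc/gcrypt/fips_enabled}
    proc_file=${2:-/proc/sys/crypto/fips_enabled}

    # Assumption: the force file counts by existing; its content is ignored,
    # so writing 0 into it does not turn FIPS mode off. Remove the file.
    if [ -e "$force_file" ]; then
        echo "force-file"
        return 0
    fi

    # The kernel flag counts only when it holds a non-zero number.
    # (Stricter than a C atoi(): anything that is not all digits is 0 here.)
    if [ -r "$proc_file" ]; then
        flag=
        IFS= read -r flag < "$proc_file" || true
        case $flag in
            ''|*[!0-9]*) flag=0 ;;
        esac
        if [ "$flag" -ne 0 ]; then
            echo "kernel-flag"
            return 0
        fi
    fi

    echo "none"
    return 0
}

# Run against the real system paths, or against paths given as arguments.
gcrypt_fips_trigger "$@"
```

Running this before and after a test makes it easy to confirm that a leftover force file is not the reason a later, supposedly non-FIPS run still behaves differently.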


