out of memory on encrypt
Neil Williams
Wed Aug 27 22:24:02 2003
On Wednesday 27 Aug 2003 7:11 pm, Ross Druker wrote:
> I'm trying to encrypt a tiny file, as root, using a key I imported from
> another user. I imported both her public and private keys, and I'm trying
What on earth are you doing with someone else's private key??? You only need
the public key to encrypt something to that person. The private key should
NEVER be given to anyone. Please ask the other user to REVOKE / delete their
key as it should not be trusted.
Private key - used to DECRYPT and sign and needs to remain private.
Public key - used to encrypt and verify signatures and needs to be made public.
Second, don't run anything as root. Just do it as a normal user - root has no
advantages for GPG. Running anything as root just leaves a massive list of
problems - many of which will completely destroy your entire system. Only use
root for system configuration / hardware tools - your system will tell you
when root is required. At all other times, leave root alone!
> to use the public key. My first attempt failed because I hadn't started
> egd, so it asks me about overwriting the existing file. This is on AIX
> 5.1. Any suggestions?
> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
> gpg: using secondary key A27627F4 instead of primary key 327A0D44
> gpg: A27627F4: There is no indication that this key really belongs to the
> owner 2048g/A27627F4 2003-06-30 "User's Name <User's e-mail address>"
> Primary key fingerprint: D280 13D2 504A 46C3 5F8F 29BC FC96 A4CC 327A 0D44
> Subkey fingerprint: AF0D 37D0 97CD 47EF 57EA A558 9707 95FA A276 27F4
> It is NOT certain that the key belongs to the person named
> in the user ID. If you *really* know what you are doing,
Then don't encrypt! If you cannot trust the key, you cannot be sure that what
you encrypt will only be read by the correct person, so what is the point of
encryption? Encrypting to a compromised or untrusted key is bizarre.
> you may answer the next question with yes
> Use this key anyway? yes
> gpg: reading from `testpgp.txt'
> File `testpgp.txt.gpg' exists. Overwrite (y/N)? y
> gpg: writing to `testpgp.txt.gpg'
> gpg: ELG-E/CAST5 encrypted for: "A27627F4 User's Name <User's e-mail address>"
> gpg: out of memory while allocating 8192 bytes
Sounds like gpg has just saved your bacon, although by a secondary means. gpg
DID warn you, you overruled the warning (by typing yes), but gpg got the
better of you anyways. The out of memory error could be a sign of a bad
installation on your system.
1. Get the other user to generate a new key and revoke the old key.
2. Tell the other user NEVER to let their new private key be available to
anyone else at any time in any form for any purpose. No exceptions.
3. The public key is public - anyone can have that and the public key should
be made available to everyone with whom you correspond using gpg. (Many users
send the public key to a keyserver to make this easier.)
4. Follow the keysigning rules:
and sign each other's public keys. This will allow gpg to trust the key that
you want to use in encryption.
NOW encrypt something to the user:
> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
Make sure it's $ not # - user not root.
It's easier to use a keyid instead of the full name and email address - less
to type.
If you get the error now, by all means re-post here.
Neil Williams
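
The three conditions discussed in this message (not running as root, not holding the recipient's private key, and encrypting only to a validated key) can be checked before calling gpg. The following is an added example, not part of the original thread: `check_recipient` is a hypothetical helper that reads listings in gpg's `--with-colons` format, and the sample listings are constructed from the key IDs quoted above. It assumes the recipient is someone other than the person running the check.

```shell
#!/bin/sh
# Pre-encryption checks on gpg --with-colons listings (field 1 = record type,
# field 2 = validity, field 5 = key ID). All sample data below is constructed.

# check_recipient PUB_LISTING SEC_LISTING [UID]   (hypothetical helper)
# Returns 0 = safe to encrypt, 1 = key not validated, 2 = recipient's secret
# key is in this keyring, 3 = running as root, 4 = no public key in listing.
check_recipient() {
    pub_listing=$1
    sec_listing=$2
    uid=${3:-$(id -u)}          # third argument lets the uid be overridden

    [ "$uid" -ne 0 ] || { echo "refuse: do not run gpg as root" >&2; return 3; }

    keyid=$(printf '%s\n' "$pub_listing" | awk -F: '$1 == "pub" { print $5; exit }')
    [ -n "$keyid" ] || { echo "refuse: no public key in listing" >&2; return 4; }

    # A "sec" record for someone else's key means their private key was shared.
    if printf '%s\n' "$sec_listing" |
        awk -F: -v k="$keyid" '$1 == "sec" && $5 == k { hit = 1 } END { exit !hit }'
    then
        echo "refuse: secret key for $keyid is in this keyring; owner should revoke it" >&2
        return 2
    fi

    # This check accepts only "f" (full) and "u" (ultimate) validity.
    validity=$(printf '%s\n' "$pub_listing" | awk -F: '$1 == "pub" { print $2; exit }')
    case $validity in
        f|u) echo "ok: encrypt to $keyid"; return 0 ;;
        *)   echo "refuse: key $keyid has validity '$validity'; verify and sign it first" >&2
             return 1 ;;
    esac
}

# Constructed listings reusing the key IDs shown in the thread.
PUB_UNTRUSTED='pub:-:1024:17:FC96A4CC327A0D44:1056931200::::::scESC:
sub:-:2048:16:970795FAA27627F4:1056931200::::::e:'
PUB_SIGNED=$(printf '%s\n' "$PUB_UNTRUSTED" | sed 's/^\([ps]ub\):-:/\1:f:/')
SEC_SHARED='sec::1024:17:FC96A4CC327A0D44:1056931200::::::scESC:'

# Demo: the situation in the thread (shared secret key, unvalidated public key).
check_recipient "$PUB_UNTRUSTED" "$SEC_SHARED" 1000 || echo "exit status: $?"
```

On a live system the two listings would come from `gpg --with-colons --list-keys KEYID` and `gpg --with-colons --list-secret-keys KEYID`.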