out of memory on encrypt

Neil Williams linux@codehelp.co.uk
Wed Aug 27 22:24:02 2003


On Wednesday 27 Aug 2003 7:11 pm, Ross Druker wrote:
> I'm trying to encrypt a tiny file, as root, using a key I imported from
> another user.  I imported both her public and private keys, and I'm trying

What on earth are you doing with someone else's private key??? You only need
the public key to encrypt something to that person. The private key should
NEVER be given to anyone. Please ask the other user to REVOKE / delete their
key as it should not be trusted.

Private key - used to DECRYPT and sign and needs to remain private.
Public key - used to encrypt and verify signatures and needs to be made public.

Second, don't run anything as root. Just do it as a normal user - root has no
advantages for GPG. Running anything as root just leaves a massive list of
problems - many of which will completely destroy your entire system. Only use
root for system configuration / hardware tools - your system will tell you
when root is required. At all other times, leave root alone!

> to use the public key.  My first attempt failed because I hadn't started
> egd, so it asks me about overwriting the existing file.  This is on AIX
> 5.1.  Any suggestions?
>
> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
> gpg: using secondary key A27627F4 instead of primary key 327A0D44
> gpg: A27627F4: There is no indication that this key really belongs to the
> owner 2048g/A27627F4 2003-06-30 "User's Name <User's e-mail address>"
>  Primary key fingerprint: D280 13D2 504A 46C3 5F8F  29BC FC96 A4CC 327A 0D44
>  Subkey fingerprint: AF0D 37D0 97CD 47EF 57EA  A558 9707 95FA A276 27F4
>
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,

Then don't encrypt! If you cannot trust the key, you cannot be sure that what
you encrypt will only be read by the correct person, so what is the point of
encryption? Encrypting to a compromised or untrusted key is bizarre.

> you may answer the next question with yes
>
> Use this key anyway? yes
> gpg: reading from `testpgp.txt'
> File `testpgp.txt.gpg' exists. Overwrite (y/N)? y
> gpg: writing to `testpgp.txt.gpg'
> gpg: ELG-E/CAST5 encrypted for: "A27627F4 User's Name <User's e-mail address>"
> gpg: out of  memory while allocating 8192 bytes

Sounds like gpg has just saved your bacon, although by a secondary means. gpg
DID warn you, you overruled the warning (by typing yes), but gpg got the
better of you anyways. The out of memory error could be a sign of a bad
installation on your system.

Solution:

1. Get the other user to generate a new key and revoke the old key.
Immediately.

2. Tell the other user NEVER to let their new private key be available to
anyone else at any time in any form for any purpose. No exceptions.

3. The public key is public - anyone can have that and the public key should
be made available to everyone with whom you correspond using gpg. (Many users
send the public key to a keyserver to make this easier.)

4. Follow the keysigning rules:
http://www.cryptnet.net/fdp/crypto/gpg-party.html#ss1.2
http://www.dclug.org.uk/linux_doc/gnupgsign.html
and sign each other's public keys. This will allow gpg to trust the key that
you want to use in encryption.

NOW encrypt something to the user:

> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
Make sure it's $ not # - user not root.
It's easier to use a keyid instead of the full name and email address - less
to type.

If you get the error now, by all means re-post here.

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
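
The checks this reply asks for before encrypting (a validated recipient key, and no copy of the recipient's private key on the sender's side), as an added Python example that is not part of the original message. It reads the output of `gpg --with-colons --list-keys` and `gpg --with-colons --list-secret-keys`; the listings, key IDs and function names below are constructed for illustration.

```python
# Added example: vet a recipient key from `gpg --with-colons` listings.
# Colon-format fields used: 1=record type, 2=validity, 5=key ID,
# 12=capabilities. Listings and key IDs below are constructed samples.
TRUSTED = {"f", "u"}              # fully or ultimately valid
UNUSABLE = {"r", "e", "d", "i"}   # revoked, expired, disabled, invalid

def parse_colons(listing):
    """Each pub/sec record starts a key; sub/ssb records attach to it."""
    keys = []
    for line in listing.strip().splitlines():
        f = line.strip().split(":")
        f += [""] * (12 - len(f))
        entry = {"keyid": f[4], "validity": f[1], "caps": f[11]}
        if f[0] in ("pub", "sec"):
            keys.append(dict(entry, subkeys=[]))
        elif f[0] in ("sub", "ssb") and keys:
            keys[-1]["subkeys"].append(entry)
    return keys

def check_recipient(public_listing, secret_listing, keyid):
    """Return reasons not to encrypt to primary key `keyid`; [] means go ahead."""
    pub = next((k for k in parse_colons(public_listing)
                if k["keyid"].endswith(keyid.upper())), None)
    if pub is None:
        return ["recipient key is not in the public keyring"]
    problems = []
    if pub["validity"] not in TRUSTED:
        problems.append("key is not validated (validity %r): check the "
                        "fingerprint with the owner and sign it" % pub["validity"])
    if not any("e" in k["caps"] and k["validity"] not in UNUSABLE
               for k in [pub] + pub["subkeys"]):
        problems.append("no usable encryption-capable key or subkey")
    if any(k["keyid"] == pub["keyid"] for k in parse_colons(secret_listing)):
        problems.append("recipient's secret key is present in this keyring: "
                        "treat the key as compromised")
    return problems

# Constructed: an imported, unsigned key (validity "-") and the same key once signed.
UNSIGNED_PUB = """pub:-:1024:17:AAAAAAAAAAAAAAAA:1056931200:::-:::scESC:
sub:-:2048:16:BBBBBBBBBBBBBBBB:1056931200::::::e:"""
SIGNED_PUB = """pub:f:1024:17:AAAAAAAAAAAAAAAA:1056931200:::-:::scESC:
sub:f:2048:16:BBBBBBBBBBBBBBBB:1056931200::::::e:"""
# Constructed: the recipient's secret key sitting in the sender's keyring.
IMPORTED_SEC = """sec:-:1024:17:AAAAAAAAAAAAAAAA:1056931200:::-:::scESC:
ssb:-:2048:16:BBBBBBBBBBBBBBBB:1056931200::::::e:"""

if __name__ == "__main__":
    for reason in check_recipient(UNSIGNED_PUB, IMPORTED_SEC, "AAAAAAAAAAAAAAAA"):
        print("refuse:", reason)
```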
