out of memory on encrypt

Ross Druker RDruker@alamo.sh.rohmhaas.com
Thu Aug 28 14:46:01 2003


While I appreciate your advice on proper usage of keys and users, that was not
really my question.  I'm trying to get gpg working on AIX.  But just so you
know, the private key is from someone I work with.  They generated the key on
their PC and I imported it into gpg on the AIX system because they asked if I
could re-use their existing key.  I can address the procedural issues you raise
later (and they are good points), but if I can't get the program to run, they
don't do me any good.

So my questions really are:
  Why is gpg bombing?
  Has anyone else seen this memory problem?
  Has anyone successfully run gpg on AIX 5.1?

Again, here is the tail end of the output:

> gpg: writing to `testpgp.txt.gpg'
> gpg: ELG-E/CAST5 encrypted for: "A27627F4 User's Name <User's e-mail address>"
> gpg: out of  memory while allocating 8192 bytes

Thanks,
Ross

On Aug 27,  9:26pm, Neil Williams wrote:
> Subject: Re: out of memory on encrypt

On Wednesday 27 Aug 2003 7:11 pm, Ross Druker wrote:
> I'm trying to encrypt a tiny file, as root, using a key I imported from
> another user.  I imported both her public and private keys, and I'm trying

What on earth are you doing with someone else's private key??? You only need
the public key to encrypt something to that person. The private key should
NEVER be given to anyone. Please ask the other user to REVOKE / delete their
key as it should not be trusted.

Private key - used to DECRYPT and sign and needs to remain private.
Public key - used to encrypt and verify signatures and needs to be made public.

Second, don't run anything as root. Just do it as a normal user - root has no
advantages for GPG. Running anything as root just leaves a massive list of
problems - many of which will completely destroy your entire system. Only use
root for system configuration / hardware tools - your system will tell you
when root is required. At all other times, leave root alone!

> to use the public key.  My first attempt failed because I hadn't started
> egd, so it asks me about overwriting the existing file.  This is on AIX
> 5.1.  Any suggestions?
>
> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
> gpg: using secondary key A27627F4 instead of primary key 327A0D44
> gpg: A27627F4: There is no indication that this key really belongs to the
> owner 2048g/A27627F4 2003-06-30 "User's Name <User's e-mail address>"
>  Primary key fingerprint: D280 13D2 504A 46C3 5F8F  29BC FC96 A4CC 327A 0D44
>  Subkey fingerprint: AF0D 37D0 97CD 47EF 57EA  A558 9707 95FA A276 27F4
>
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,

Then don't encrypt! If you cannot trust the key, you cannot be sure that what
you encrypt will only be read by the correct person, so what is the point of
encryption? Encrypting to a compromised or untrusted key is bizarre.

> you may answer the next question with yes
>
> Use this key anyway? yes
> gpg: reading from `testpgp.txt'
> File `testpgp.txt.gpg' exists. Overwrite (y/N)? y
> gpg: writing to `testpgp.txt.gpg'
> gpg: ELG-E/CAST5 encrypted for: "A27627F4 User's Name <User's e-mail address>"
> gpg: out of  memory while allocating 8192 bytes

Sounds like gpg has just saved your bacon, although by a secondary means. gpg
DID warn you, you overruled the warning (by typing yes), but gpg got the
better of you anyways. The out of memory error could be a sign of a bad
installation on your system.

Solution:

1. Get the other user to generate a new key and revoke the old key.
Immediately.

2. Tell the other user NEVER to let their new private key be available to
anyone else at any time in any form for any purpose. No exceptions.

3. The public key is public - anyone can have that and the public key should
be made available to everyone with whom you correspond using gpg. (Many users
send the public key to a keyserver to make this easier.)

4. Follow the keysigning rules:
http://www.cryptnet.net/fdp/crypto/gpg-party.html#ss1.2
http://www.dclug.org.uk/linux_doc/gnupgsign.html
and sign each other's public keys. This will allow gpg to trust the key that
you want to use in encryption.

NOW encrypt something to the user:

> # gpg -v -e -r "User's Name <User's e-mail address>" testpgp.txt
Make sure it's $ not # - user not root.
It's easier to use a keyid instead of the full name and email address - less
to type.

If you get the error now, by all means re-post here.

--

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3


>
> [ Attachment (multipart/signed): 4424 bytes ]
>-- End of excerpt from Neil Williams



-- 
Ross Druker                                      Rohm and Haas Co.
RDruker@RohmHaas.com                             Philadelphia, PA
(215) 592-3281
The opinions expressed are mine and not those of Rohm and Haas Company.