2.1.10 with libgcrypt 1.7.0-beta300

NIIBE Yutaka gniibe at fsij.org
Mon Jan 25 02:33:40 CET 2016


On 01/23/2016 10:11 PM, Fulano Diego Perez wrote:
> NIIBE Yutaka:
>> Please note that you need to invoke gpg-agent with LD_LIBRARY_PATH, too.
> 
> can explain how you mean to invoke ?

Well, it seems terminology issue.  I mean, to start, to kick the service,
and to run the service.

In general, there are multiple ways.  In my case on Debian, I have a
startup script, /etc/X11/Xsession.d/90gpg-agent, which invokes
gpg-agent.

> i export library path for gpg2 and shows expected libgcrypt version

Exporting library path is also needed for gpg-agent.

> i can clearsign with ed25519 EDDSA subkey

This can be done with libgcrypt 1.6.4.

> i have problem testing encryption with cv25519 subkey
> 
> 
> tried to test with $ fortune | gpg2 --sign --encrypt -u abc --recipient
> 123 --recipient 456 | gpg2 --decrypt
> 
> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
> gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>       "test"
> gpg: public key decryption failed: Checksum error
> gpg: encrypted with 256-bit ECDH key, ID test, created 2016
>       test2
> gpg: public key decryption failed: Checksum error
> gpg: decryption failed: No secret key
> 
> i have secret key

I know.  The problem is the version of libgcrypt of gpg-agent.

Public key handling is the role of gpg frontend, while secret key
handling is done by gpg-agent.  With no newer libgcrypt, gpg-agent
can't handle CV25519 keys.

> tried list-packets & -vvv - nothing more on errors

Yes.

> maybe this is conflict with persistent gpg-agent and ssh-agent
> 	they are listed in htop with PID but no RAM use
> 
> how can to figure this out ?

If you can check the process's memory maps of gpg-agent, you can see
the maps to libgcrypt.  In my case, I can see the entries in
/proc/<PID-OF-GPG-AGENT>/maps like:

    b7617000-b76d5000 r-xp 00000000 08:01 35743      /usr/local/lib/libgcrypt.so.20.1.0
    b76d5000-b76d9000 rw-p 000bd000 08:01 35743      /usr/local/lib/libgcrypt.so.20.1.0
    b76e7000-b76ef000 rw-p 00000000 00:00 0
-- 



More information about the Gnupg-users mailing list