How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"
Fiedler Roman
Roman.Fiedler at ait.ac.at
Fri Aug 31 19:11:58 CEST 2018
Hello list,
I am attempting to upgrade software to use gpg2 instead of gpg. After fixing the usual "Inappropriate ioctl for device" and "Sorry, we are in batchmode - can't get input" messages and applying all the gpg_agent security workarounds, I am now stuck at this sequence:
The key generation command
['/usr/bin/gpg', '--homedir', '/tmp/tmp-3abk6l8', '--with-colons', '--status-fd', '2', '--pinentry-mode', 'loopback', '--batch', '--gen-key', '--command-fd', '0']
with the security-sensitive passphrase-input via the command-fd
b'%echo Generating key\nKey-Type: RSA\nKey-Length: 1024\nSubkey-Type: ELG-E\nSubkey-Length: 1024\nName-Real: AutomationKey\nExpire-Date: 0\n%commit\n',
will generate the following output:
gpg: keybox '/tmp/tmp-3abk6l8/pubring.kbx' created
gpg: Generating key
[GNUPG:] INQUIRE_MAXLEN 100
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
gpg: agent_genkey failed: Operation cancelled
gpg: key generation failed: Operation cancelled
[GNUPG:] ERROR key_generate 33554531
[GNUPG:] KEY_NOT_CREATED
It seems that agent and gpg are going through some "brain-split" episode, as the errors seem to indicate that everyone is thinking the other party canceled the transfer. The strace indicates that gnupg itself sends the "cancel" request to the agent and is astonished by the result - it cannot even give a meaningful error message about the current condition. As there is no other syscall activity, all the reasons for this have to be in gpg2.
2138 write(2, "[GNUPG:] INQUIRE_MAXLEN 100", 27) = 27
2138 write(2, "\n", 1) = 1
2138 write(2, "[GNUPG:] GET_HIDDEN passphrase.enter", 36) = 36
2138 write(2, "\n", 1) = 1
2138 read(0, "", 1) = 0
2138 write(2, "[GNUPG:] GOT_IT", 15) = 15 --- not knowing what gnupg successfully got here as there is no passphrase to read
2138 write(2, "\n", 1) = 1
2138 write(3, "CAN", 3) = 3 --- Gnupg sending cancel
2138 write(3, "\n", 1) = 1
2138 read(3, <unfinished ...>
2142 read(9, "CAN\n", 1002) = 4 --- Agent reading cancel
2142 getpid() = 2141
2142 write(2, "gpg-agent[2141]: command 'GENKEY' failed: IPC call has been cancelled", 69) = 69
2142 write(2, "\n", 1) = 1
2142 write(9, "ERR 67109141 IPC call has been cancelled <GPG Agent>", 52) = 52 --- Agent telling gnupg about cancel
2138 <... read resumed> "ERR 67109141 IPC call has been cancelled <GPG Agent>", 1002) = 52 -- gpg reading cancel
2138 read(3, <unfinished ...>
2142 write(9, "\n", 1) = 1
2138 <... read resumed> "\n", 950) = 1
2138 write(2, "gpg: agent_genkey failed: Operation cancelled", 45) = 45
2138 write(2, "\n", 1) = 1
2138 write(2, "gpg: key generation failed: Operation cancelled", 47) = 47
2138 write(2, "\n", 1) = 1
2138 write(2, "[GNUPG:] ERROR key_generate 33554531", 36) = 36
2138 write(2, "\n", 1) = 1
2138 write(2, "[GNUPG:] KEY_NOT_CREATED ", 25) = 25
2138 write(2, "\n", 1) = 1
2138 read(0, "", 8192) = 0
2138 munmap(0x7faad0a44000, 65536) = 0
2138 exit_group(2) = ?
2138 +++ exited with 2 +++
Does someone know how to fix that?
LG Roman
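
Added example, not part of the original post: it decodes the two error numbers in the trace above using the libgpg-error packing (error source in the 7 bits starting at bit 24, error code in the low 16 bits) and flags the status prompt that was answered by a zero-byte read on the command fd. The lookup tables are a subset covering only the values seen in this thread, and `decode_gpg_error` and `analyze` are names chosen for this example.

```python
import re

# Subset of the libgpg-error tables: only the values that occur in this thread.
SOURCES = {2: "GPG_ERR_SOURCE_GPG", 4: "GPG_ERR_SOURCE_GPGAGENT"}
CODES = {99: "GPG_ERR_CANCELED", 277: "GPG_ERR_ASS_CANCELED"}

def decode_gpg_error(value):
    """Split a packed libgpg-error number into (source, code) names."""
    source = (value >> 24) & 0x7F  # error source: 7 bits starting at bit 24
    code = value & 0xFFFF          # error code: low 16 bits
    return (SOURCES.get(source, "source %d" % source),
            CODES.get(code, "code %d" % code))

# strace lines from the post, with the poster's "---" annotations stripped.
TRACE = r'''
2138 write(2, "[GNUPG:] GET_HIDDEN passphrase.enter", 36) = 36
2138 read(0, "", 1) = 0
2138 write(2, "[GNUPG:] GOT_IT", 15) = 15
2138 write(3, "CAN", 3) = 3
2142 write(9, "ERR 67109141 IPC call has been cancelled <GPG Agent>", 52) = 52
2138 write(2, "[GNUPG:] ERROR key_generate 33554531", 36) = 36
'''

WRITE = re.compile(r'^\d+ write\(\d+, "(.*)", \d+\)')
READ = re.compile(r'^\d+ read\((\d+), ".*", \d+\)\s*= (\d+)')
ERRNUM = re.compile(r'^(?:\[GNUPG:\] ERROR \S+|ERR) (\d+)')

def analyze(trace, command_fd="0"):
    """Flag prompts that were answered by EOF and decode every error number."""
    findings, pending = [], None
    for line in trace.strip().splitlines():
        w, r = WRITE.match(line), READ.match(line)
        if w:
            text = w.group(1)
            if text.startswith("[GNUPG:] GET_"):
                pending = text.split()[2]  # prompt keyword, e.g. passphrase.enter
            m = ERRNUM.match(text)
            if m:
                number = int(m.group(1))
                findings.append(("error", number) + decode_gpg_error(number))
        elif r and pending and r.group(1) == command_fd and r.group(2) == "0":
            findings.append(("eof-at-prompt", pending))  # read() returned 0 bytes
            pending = None
    return findings

if __name__ == "__main__":
    for finding in analyze(TRACE):
        print(finding)
```
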