How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"

Fiedler Roman Roman.Fiedler at ait.ac.at
Fri Aug 31 19:11:58 CEST 2018


Hello list,

I am attempting to upgrade software to use gpg2 instead of gpg. After fixing the usual "Inappropriate ioctl for device" and "Sorry, we are in batchmode - can't get input" messages and applying all the gpg_agent security workarounds, I am now stuck at this sequence:

The key generation command

['/usr/bin/gpg', '--homedir', '/tmp/tmp-3abk6l8', '--with-colons', '--status-fd', '2', '--pinentry-mode', 'loopback', '--batch', '--gen-key', '--command-fd', '0']

with the security-sensitive passphrase-input via the command-fd

b'%echo Generating key\nKey-Type: RSA\nKey-Length: 1024\nSubkey-Type: ELG-E\nSubkey-Length: 1024\nName-Real: AutomationKey\nExpire-Date: 0\n%commit\n',

will generate the following output:

gpg: keybox '/tmp/tmp-3abk6l8/pubring.kbx' created
gpg: Generating key
[GNUPG:] INQUIRE_MAXLEN 100
[GNUPG:] GET_HIDDEN passphrase.enter
[GNUPG:] GOT_IT
gpg: agent_genkey failed: Operation cancelled
gpg: key generation failed: Operation cancelled
[GNUPG:] ERROR key_generate 33554531
[GNUPG:] KEY_NOT_CREATED

It seems that the agent and gpg are going through some "brain-split" episode, as the errors seem to indicate that everyone is thinking the other party canceled the transfer. The strace indicates that gnupg itself sends the "cancel" request to the agent and is astonished by the result - it cannot even give a meaningful error message about the current condition. As there is no other syscall activity, all the reasons for it have to be in gpg2.

2138  write(2, "[GNUPG:] INQUIRE_MAXLEN 100", 27) = 27
2138  write(2, "\n", 1)                 = 1
2138  write(2, "[GNUPG:] GET_HIDDEN passphrase.enter", 36) = 36
2138  write(2, "\n", 1)                 = 1
2138  read(0, "", 1)                    = 0
2138  write(2, "[GNUPG:] GOT_IT", 15)   = 15   --- not knowing what gnupg successfully got here as there is no passphrase to read
2138  write(2, "\n", 1)                 = 1
2138  write(3, "CAN", 3)                = 3            --- Gnupg sending cancel
2138  write(3, "\n", 1)                 = 1
2138  read(3,  <unfinished ...>
2142  read(9, "CAN\n", 1002)            = 4     --- Agent reading cancel
2142  getpid()                          = 2141
2142  write(2, "gpg-agent[2141]: command 'GENKEY' failed: IPC call has been cancelled", 69) = 69
2142  write(2, "\n", 1)                 = 1
2142  write(9, "ERR 67109141 IPC call has been cancelled <GPG Agent>", 52) = 52  --- Agent telling gnupg about cancel
2138  <... read resumed> "ERR 67109141 IPC call has been cancelled <GPG Agent>", 1002) = 52 -- gpg reading cancel
2138  read(3,  <unfinished ...>
2142  write(9, "\n", 1)                 = 1
2138  <... read resumed> "\n", 950)     = 1
2138  write(2, "gpg: agent_genkey failed: Operation cancelled", 45) = 45
2138  write(2, "\n", 1)                 = 1
2138  write(2, "gpg: key generation failed: Operation cancelled", 47) = 47
2138  write(2, "\n", 1)                 = 1
2138  write(2, "[GNUPG:] ERROR key_generate 33554531", 36) = 36
2138  write(2, "\n", 1)                 = 1
2138  write(2, "[GNUPG:] KEY_NOT_CREATED ", 25) = 25
2138  write(2, "\n", 1)                 = 1
2138  read(0, "", 8192)                 = 0
2138  munmap(0x7faad0a44000, 65536)     = 0
2138  exit_group(2)                     = ?
2138  +++ exited with 2 +++

Does someone know how to fix that?

Kind regards, Roman
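
Added example, not part of the original post: a small Python check that scans strace output like the one above for the pattern it shows, a GET_HIDDEN prompt on the status fd answered by a zero-byte read on the command fd, followed by CAN written to the agent socket. The name `diagnose` and its parameters are made up for this illustration; the sample lines are taken from the post's trace with the annotations dropped.

```python
import re

# One strace read/write line, e.g.: 2138  read(0, "", 1)   = 0
CALL = re.compile(
    r'^(\d+)\s+(read|write)\((\d+),\s*"((?:[^"\\]|\\.)*)",\s*\d+\)\s*=\s*(-?\d+)')

# Lines taken from the trace in the post (annotations dropped).
SAMPLE = r'''
2138  write(2, "[GNUPG:] GET_HIDDEN passphrase.enter", 36) = 36
2138  write(2, "\n", 1)                 = 1
2138  read(0, "", 1)                    = 0
2138  write(2, "[GNUPG:] GOT_IT", 15)   = 15
2138  write(3, "CAN", 3)                = 3
2138  read(3,  <unfinished ...>
2142  read(9, "CAN\n", 1002)            = 4
'''.splitlines()


def diagnose(lines, command_fd=0, status_fd=2):
    """Report status-fd prompts that were answered by EOF on command-fd."""
    findings = []
    waiting = {}  # pid -> keyword of the prompt that pid is waiting on
    starved = {}  # pid -> keyword whose read on command-fd hit EOF
    for line in lines:
        m = CALL.match(line)
        if not m:
            continue  # <unfinished ...>, resumed calls, other syscalls
        pid, call, data = m.group(1), m.group(2), m.group(4)
        fd, ret = int(m.group(3)), int(m.group(5))
        if call == "write" and fd == status_fd and data.startswith("[GNUPG:] GET_"):
            waiting[pid] = data.split()[-1]  # e.g. passphrase.enter
        elif call == "read" and fd == command_fd and pid in waiting:
            keyword = waiting.pop(pid)
            if ret == 0:  # zero bytes returned: nothing left to read
                starved[pid] = keyword
                findings.append(
                    f"pid {pid}: EOF on fd {fd} while waiting for {keyword}")
        elif call == "write" and data == "CAN" and pid in starved:
            del starved[pid]
            findings.append(f"pid {pid}: sent CAN on fd {fd} after the empty read")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

A finding means the input on the command fd ended before gpg's passphrase prompt was answered. The parameter block in the post contains neither a `Passphrase:` line nor `%no-protection`, the two GnuPG batch-file ways to settle key protection without a prompt.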


