AW: How to fix "ERROR key_generate 3355453" / "GENKEY' failed: IPC call has been cancelled"
Fiedler Roman
Roman.Fiedler at ait.ac.at
Tue Sep 4 16:08:08 CEST 2018
> Von: Peter Lebbing [mailto:peter at digitalbrains.com]
>
> On 04/09/18 15:22, Peter Lebbing wrote:
> > I don't understand, could you give commands, expected behaviour and
> > actual output?
>
> To clarify, I thought you were giving an example of "starting gpgv
> without any keyring at all", because you gave it a non-existing homedir.
> Only on re-reading your other mail did I understand this was an example
> of how you were actually trying to do it.
Sorry about being inprecise in my reply.
Yes, you are completely right: no matter which command line used, the
"[GNUPG:] UNEXPECTED 0
gpgv: verify signatures failed: Unexpected error"
error from gpgv or plain gpg does not vanish, only additional error messages
can be added depending on the keyrings used.
Using the /proc/self/fd/nonexistent as home directory should only serve the
purpose, that it is much harder for an attacker to create that path than one
where the parent directory is a writable file system.
I just removed the executable bit from "gpg2" binary and are now isolating
all gpg calls in a clean wrapper library to invoke "gpg1". When all use-cases
work with gpg1 and there is still some time, I will try to implement also a gpg2
wrapper to start another gpg1->gpg2 migration attempt. But that will be end
of September earliest.
More information about the Gnupg-users
mailing list