[Pkg-gnupg-maint] Bug#772780: gnupg: "out of secure memory" even with only 4096-RSA keys when using addkey in --edit-key interface

David Z unimportantdavidz at gmail.com
Thu Dec 11 04:50:57 UTC 2014


I originally wondered if it might be passphrase length. I managed to
reproduce it (100% of times i've tried addkey today in general) even
with a single-character passphrase. I will try no passphrase now (success):


###################
###################


$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? e

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 8y
Key expires at Thu 08 Dec 2022 11:18:35 PM EST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

Real name: secmemtest
Email address:
Comment:
You selected this USER-ID:
    "secmemtest"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
........+++++
+++++
gpg: writing self signature
gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A [?]"
gpg: writing public key to `/home/user/.gnupg/pubring.gpg'
gpg: writing secret key to `/home/user/.gnupg/secring.gpg'
gpg: using PGP trust model
gpg: key 0x6AC09B03FBEC393A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 66 keys cached (4286 signatures)
gpg: 26 keys processed (19 validity counts cleared)
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: next trustdb check due at 2015-02-21
pub   4096R/0x6AC09B03FBEC393A 2014-12-11 [expires: 2022-12-09]
      Key fingerprint = 2B4B 9CF0 DABC 03D5 9928  A311 6AC0 9B03 FBEC 393A
uid                 [ultimate] secmemtest

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.


###################


$ gpg --edit-key 0x6AC09B03FBEC393A
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: using PGP trust model
pub  4096R/0x6AC09B03FBEC393A  created: 2014-12-11  expires: 2022-12-09
 usage: SC
                               trust: ultimate      validity: ultimate
[ultimate] (1). secmemtest

gpg> addkey
This key is not protected.
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? e

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Tue 08 Dec 2020 11:19:18 PM EST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..........+++++
...............+++++
gpg: writing key binding signature
gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A secmemtest"
gpg: RSA/SHA512 signature from: "0xFEE0B1DCA2C1090C [?]"
gpg: writing key binding signature
gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A secmemtest"
gpg: RSA/SHA512 signature from: "0xFEE0B1DCA2C1090C [?]"

pub  4096R/0x6AC09B03FBEC393A  created: 2014-12-11  expires: 2022-12-09
 usage: SC
                               trust: ultimate      validity: ultimate
sub  4096R/0xFEE0B1DCA2C1090C  created: 2014-12-11  expires: 2020-12-09
 usage: S
[ultimate] (1). secmemtest

gpg> save


###################
###################


However, I then deleted that keypair and tried another, with the
passphrase "test" and met the same error:


###################
###################


$ gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? e

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 8y
Key expires at Thu 08 Dec 2022 11:20:36 PM EST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

Real name: secmemtestmore
Email address:
Comment:
You selected this USER-ID:
    "secmemtestmore"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
......+++++
.........+++++
gpg: writing self signature
gpg: RSA/SHA512 signature from: "0xE5E0E87C61CE7430 [?]"
gpg: writing public key to `/home/user/.gnupg/pubring.gpg'
gpg: writing secret key to `/home/user/.gnupg/secring.gpg'
gpg: using PGP trust model
gpg: key 0xE5E0E87C61CE7430 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 66 keys cached (4286 signatures)
gpg: 27 keys processed (19 validity counts cleared)
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: next trustdb check due at 2015-02-21
pub   4096R/0xE5E0E87C61CE7430 2014-12-11 [expires: 2022-12-09]
      Key fingerprint = D696 FDB4 1843 FB42 5730  8664 E5E0 E87C 61CE 7430
uid                 [ultimate] secmemtestmore

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.


###################


$ gpg --edit-key 0xE5E0E87C61CE7430
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: using PGP trust model
pub  4096R/0xE5E0E87C61CE7430  created: 2014-12-11  expires: 2022-12-09
 usage: SC
                               trust: ultimate      validity: ultimate
[ultimate] (1). secmemtestmore

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "secmemtestmore"
4096-bit RSA key, ID 0xE5E0E87C61CE7430, created 2014-12-11

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? e

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Tue 08 Dec 2020 11:21:23 PM EST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
...+++++
.+++++
gpg: writing key binding signature
gpg: out of secure memory while allocating 1024 bytes
gpg: (this may be caused by too many secret keys used simultaneously or
due to excessive large key sizes)


###################
###################

I repeated that process with a new keypair and again the passphrase
"test" again and it also failed.

I then generated two keypairs both without a passphrase and succeeded
both times.

After that I generated one more with passphrase "test" and it failed again.


###################
###################


My gpg.conf:


charset utf-8
keyserver hkp://hkps.pool.sks-keyservers.net
keyserver-options no-honor-keyserver-url
verbose
list-options show-keyring show-sig-expire show-uid-validity
ask-cert-level
ask-sig-expire
ask-cert-expire

compress-level 0
bzip2-compress-level 0
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 Uncompressed
keyid-format 0xlong
expert
no-emit-version
default-preference-list S10 S9 S8 S7 H10 H9 H8 H3 H2 Z0
personal-cipher-preferences S10 S9 S8 S7
personal-digest-preferences H10 H9 H8 H3 H2
personal-compress-preferences Z0
s2k-cipher-algo S10
s2k-digest-algo H10
s2k-mode 3
s2k-count 65011712


###################
###################


If there is anything more I can do to help, please let me know.


On 12/10/2014 11:15 PM, NIIBE Yutaka wrote:
> Thank you for your report.
> 
> On 12/11/2014 10:05 AM, David Z wrote:
>> Created a new keypair today. Was unable to add a subkey, even though all keys
>> involved are within expected limits (4096 bit RSA).
>>
>> Dies at:
>>
>> gpg: writing key binding signature
>> gpg: out of secure memory while allocating 1024 bytes
>> gpg: (this may be caused by too many secret keys used simultaneously or due to
>> excessive large key sizes)
>>
>> This has occurred in all of my attempts today, with multiple fresh testing
>> keys, though I recall performing this action at least somewhat recently with
>> success. Full output:
> 
> I tried to reproduce this bug.  It was very difficult for me, but I
> managed to reproduce it this afternoon.
> 
> My experiment is following your scenario with my configuration of
> GnuPG.  My configuration of GnuPG is as same as:
> 
> 	http://keyring.debian.org/creating-key.html
> 
> (It looks like your configuration has preference of SHA512, though.)
> 
> I used 1400-byte long passphrase, and I got same error.
> 
> Are you using such a long passphrase like mine?
> 





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20141210/ce217448/attachment-0001.sig>


More information about the Pkg-gnupg-maint mailing list