[Pkg-gnupg-maint] Bug#772780: gnupg: "out of secure memory" even with only 4096-RSA keys when using addkey in --edit-key interface
David Z
unimportantdavidz at gmail.com
Thu Dec 11 04:56:31 UTC 2014
Egads, I'm really a fool. I omitted two lines from my gpg.conf:
cert-digest-algo H10
force-v4-certs
My most sincere apologies,
David Z
On 12/10/2014 11:50 PM, David Z wrote:
> I originally wondered if it might be passphrase length. I managed to
> reproduce it (100% of times i've tried addkey today in general) even
> with a single-character passphrase. I will try no passphrase now (success):
>
>
> ###################
> ###################
>
>
> $ gpg --gen-key
> gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
> (7) DSA (set your own capabilities)
> (8) RSA (set your own capabilities)
> Your selection? 8
>
> Possible actions for a RSA key: Sign Certify Encrypt Authenticate
> Current allowed actions: Sign Certify Encrypt
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? e
>
> Possible actions for a RSA key: Sign Certify Encrypt Authenticate
> Current allowed actions: Sign Certify
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? q
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) 4096
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0) 8y
> Key expires at Thu 08 Dec 2022 11:18:35 PM EST
> Is this correct? (y/N) y
>
> You need a user ID to identify your key; the software constructs the user ID
> from the Real Name, Comment and Email Address in this form:
> "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"
>
> Real name: secmemtest
> Email address:
> Comment:
> You selected this USER-ID:
> "secmemtest"
>
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
> You need a Passphrase to protect your secret key.
>
> You don't want a passphrase - this is probably a *bad* idea!
> I will do it anyway. You can change your passphrase at any time,
> using this program with the option "--edit-key".
>
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ........+++++
> +++++
> gpg: writing self signature
> gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A [?]"
> gpg: writing public key to `/home/user/.gnupg/pubring.gpg'
> gpg: writing secret key to `/home/user/.gnupg/secring.gpg'
> gpg: using PGP trust model
> gpg: key 0x6AC09B03FBEC393A marked as ultimately trusted
> public and secret key created and signed.
>
> gpg: checking the trustdb
> gpg: 66 keys cached (4286 signatures)
> gpg: 26 keys processed (19 validity counts cleared)
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: next trustdb check due at 2015-02-21
> pub 4096R/0x6AC09B03FBEC393A 2014-12-11 [expires: 2022-12-09]
> Key fingerprint = 2B4B 9CF0 DABC 03D5 9928 A311 6AC0 9B03 FBEC 393A
> uid [ultimate] secmemtest
>
> Note that this key cannot be used for encryption. You may want to use
> the command "--edit-key" to generate a subkey for this purpose.
>
>
> ###################
>
>
> $ gpg --edit-key 0x6AC09B03FBEC393A
> gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> gpg: using PGP trust model
> pub 4096R/0x6AC09B03FBEC393A created: 2014-12-11 expires: 2022-12-09
> usage: SC
> trust: ultimate validity: ultimate
> [ultimate] (1). secmemtest
>
> gpg> addkey
> This key is not protected.
> Please select what kind of key you want:
> (3) DSA (sign only)
> (4) RSA (sign only)
> (5) Elgamal (encrypt only)
> (6) RSA (encrypt only)
> (7) DSA (set your own capabilities)
> (8) RSA (set your own capabilities)
> Your selection? 8
>
> Possible actions for a RSA key: Sign Encrypt Authenticate
> Current allowed actions: Sign Encrypt
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? e
>
> Possible actions for a RSA key: Sign Encrypt Authenticate
> Current allowed actions: Sign
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? q
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) 4096
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0) 6y
> Key expires at Tue 08 Dec 2020 11:19:18 PM EST
> Is this correct? (y/N) y
> Really create? (y/N) y
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ..........+++++
> ...............+++++
> gpg: writing key binding signature
> gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A secmemtest"
> gpg: RSA/SHA512 signature from: "0xFEE0B1DCA2C1090C [?]"
> gpg: writing key binding signature
> gpg: RSA/SHA512 signature from: "0x6AC09B03FBEC393A secmemtest"
> gpg: RSA/SHA512 signature from: "0xFEE0B1DCA2C1090C [?]"
>
> pub 4096R/0x6AC09B03FBEC393A created: 2014-12-11 expires: 2022-12-09
> usage: SC
> trust: ultimate validity: ultimate
> sub 4096R/0xFEE0B1DCA2C1090C created: 2014-12-11 expires: 2020-12-09
> usage: S
> [ultimate] (1). secmemtest
>
> gpg> save
>
>
> ###################
> ###################
>
>
> However, I then deleted that keypair and tried another, with the
> passphrase "test" and met the same error:
>
>
> ###################
> ###################
>
>
> $ gpg --gen-key
> gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
> (7) DSA (set your own capabilities)
> (8) RSA (set your own capabilities)
> Your selection? 8
>
> Possible actions for a RSA key: Sign Certify Encrypt Authenticate
> Current allowed actions: Sign Certify Encrypt
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? e
>
> Possible actions for a RSA key: Sign Certify Encrypt Authenticate
> Current allowed actions: Sign Certify
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? q
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) 4096
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0) 8y
> Key expires at Thu 08 Dec 2022 11:20:36 PM EST
> Is this correct? (y/N) y
>
> You need a user ID to identify your key; the software constructs the user ID
> from the Real Name, Comment and Email Address in this form:
> "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"
>
> Real name: secmemtestmore
> Email address:
> Comment:
> You selected this USER-ID:
> "secmemtestmore"
>
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
> You need a Passphrase to protect your secret key.
>
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ......+++++
> .........+++++
> gpg: writing self signature
> gpg: RSA/SHA512 signature from: "0xE5E0E87C61CE7430 [?]"
> gpg: writing public key to `/home/user/.gnupg/pubring.gpg'
> gpg: writing secret key to `/home/user/.gnupg/secring.gpg'
> gpg: using PGP trust model
> gpg: key 0xE5E0E87C61CE7430 marked as ultimately trusted
> public and secret key created and signed.
>
> gpg: checking the trustdb
> gpg: 66 keys cached (4286 signatures)
> gpg: 27 keys processed (19 validity counts cleared)
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: next trustdb check due at 2015-02-21
> pub 4096R/0xE5E0E87C61CE7430 2014-12-11 [expires: 2022-12-09]
> Key fingerprint = D696 FDB4 1843 FB42 5730 8664 E5E0 E87C 61CE 7430
> uid [ultimate] secmemtestmore
>
> Note that this key cannot be used for encryption. You may want to use
> the command "--edit-key" to generate a subkey for this purpose.
>
>
> ###################
>
>
> $ gpg --edit-key 0xE5E0E87C61CE7430
> gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> gpg: using PGP trust model
> pub 4096R/0xE5E0E87C61CE7430 created: 2014-12-11 expires: 2022-12-09
> usage: SC
> trust: ultimate validity: ultimate
> [ultimate] (1). secmemtestmore
>
> gpg> addkey
> Key is protected.
>
> You need a passphrase to unlock the secret key for
> user: "secmemtestmore"
> 4096-bit RSA key, ID 0xE5E0E87C61CE7430, created 2014-12-11
>
> Please select what kind of key you want:
> (3) DSA (sign only)
> (4) RSA (sign only)
> (5) Elgamal (encrypt only)
> (6) RSA (encrypt only)
> (7) DSA (set your own capabilities)
> (8) RSA (set your own capabilities)
> Your selection? 8
>
> Possible actions for a RSA key: Sign Encrypt Authenticate
> Current allowed actions: Sign Encrypt
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? e
>
> Possible actions for a RSA key: Sign Encrypt Authenticate
> Current allowed actions: Sign
>
> (S) Toggle the sign capability
> (E) Toggle the encrypt capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> Your selection? q
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048) 4096
> Requested keysize is 4096 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0) 6y
> Key expires at Tue 08 Dec 2020 11:21:23 PM EST
> Is this correct? (y/N) y
> Really create? (y/N) y
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ...+++++
> .+++++
> gpg: writing key binding signature
> gpg: out of secure memory while allocating 1024 bytes
> gpg: (this may be caused by too many secret keys used simultaneously or
> due to excessive large key sizes)
>
>
> ###################
> ###################
>
> I repeated that process with a new keypair and again the passphrase
> "test" again and it also failed.
>
> I then generated two keypairs both without a passphrase and succeeded
> both times.
>
> After that I generated one more with passphrase "test" and it failed again.
>
>
> ###################
> ###################
>
>
> My gpg.conf:
>
>
> charset utf-8
> keyserver hkp://hkps.pool.sks-keyservers.net
> keyserver-options no-honor-keyserver-url
> verbose
> list-options show-keyring show-sig-expire show-uid-validity
> ask-cert-level
> ask-sig-expire
> ask-cert-expire
>
> compress-level 0
> bzip2-compress-level 0
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 Uncompressed
> keyid-format 0xlong
> expert
> no-emit-version
> default-preference-list S10 S9 S8 S7 H10 H9 H8 H3 H2 Z0
> personal-cipher-preferences S10 S9 S8 S7
> personal-digest-preferences H10 H9 H8 H3 H2
> personal-compress-preferences Z0
> s2k-cipher-algo S10
> s2k-digest-algo H10
> s2k-mode 3
> s2k-count 65011712
>
>
> ###################
> ###################
>
>
> If there is anything more I can do to help, please let me know.
>
>
> On 12/10/2014 11:15 PM, NIIBE Yutaka wrote:
>> Thank you for your report.
>>
>> On 12/11/2014 10:05 AM, David Z wrote:
>>> Created a new keypair today. Was unable to add a subkey, even though all keys
>>> involved are within expected limits (4096 bit RSA).
>>>
>>> Dies at:
>>>
>>> gpg: writing key binding signature
>>> gpg: out of secure memory while allocating 1024 bytes
>>> gpg: (this may be caused by too many secret keys used simultaneously or due to
>>> excessive large key sizes)
>>>
>>> This has occurred in all of my attempts today, with multiple fresh testing
>>> keys, though I recall performing this action at least somewhat recently with
>>> success. Full output:
>>
>> I tried to reproduce this bug. It was very difficult for me, but I
>> managed to reproduce it this afternoon.
>>
>> My experiment is following your scenario with my configuration of
>> GnuPG. My configuration of GnuPG is as same as:
>>
>> http://keyring.debian.org/creating-key.html
>>
>> (It looks like your configuration has preference of SHA512, though.)
>>
>> I used 1400-byte long passphrase, and I got same error.
>>
>> Are you using such a long passphrase like mine?
>>
>
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20141210/33ad3279/attachment.sig>
More information about the Pkg-gnupg-maint
mailing list