[Pkg-gnupg-maint] Bug#772780: gnupg: "out of secure memory" even with only 4096-RSA keys when using addkey in --edit-key interface
David Z
unimportantdavidz at gmail.com
Thu Dec 11 14:29:40 UTC 2014
Would increasing the amount of secure memory that's allocated be a
reasonable fix? I am not a coder and I don't understand what the
drawbacks of increasing the secure memory are, but presumably free
memory in general is much more abundant now than it was when the amount
was set?
In Bug #739424 which I looked at before submitting this, it is mentioned
how to do so:
gnupg-1.4.16/g10/gpg.c:1998
got_secmem=secmem_init( 32768 );
Perhaps this would be a reasonable default under the new blinding scheme?
On 12/11/2014 04:54 AM, NIIBE Yutaka wrote:
> Thank you. It is now reproducible for me (i386 and amd64) with
> gnupg 1.4.12-7+deb7u6.
>
> I think that the combination of:
>
> Your configuration of: s2k-cipher-algo S10
> Adding RSA-4096 subkey for sign
> RSA Blinding
>
> ... are things to cause the issue.
>
> I don't have a solution/workaround at hand, right now, but I could
> explain the reason.
>
> In the security fix, GnuPG introduced RSA Blinding which requires more
> memory. Thus, some operations (which could be done in the past)
> cannot be done these days.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20141211/18964b0d/attachment.sig>
More information about the Pkg-gnupg-maint
mailing list