gpg generate-key fails

Bug #1846153 reported by dundir
This bug affects 1 person
Affects: gnupg2 (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

Description:
Generating a gpg key unattended fails on Ubuntu 18.04.3 LTS.

Standard User
> gpg --generate-key --batch < temp.batch
gpg: Generating a standard key
gpg: can't create '(null)': Permission denied
gpg: done

Root Superuser
#> gpg --generate-key --batch < temp.batch
gpg: Generating a standard key
gpg: agent_genkey failed: Inappropriate ioctl for device
gpg: key generation failed: Inappropriate ioctl for device
gpg: done

Steps to replicate:

> ~/.gnupg/gpg.conf
cert-digest-algo SHA256
digest-algo SHA256

# Generates batch instructions
cat > temp.batch << EOF
%echo Generating a standard key
Key-Type: RSA
Key-Length: 4096
Subkey-Length: 4096
Name-Real: temp
Name-Email: <email address hidden>
Expire-Date: 0
%pubring temp.pub
%secring temp.key
# commit needed to echo
%commit
%echo done
EOF

#> gpg --version

gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

dundir (dundir) wrote :

Additionally, the workaround that many people suggest for similar errors (via Google), as described at https://d.sb/2016/11/gpg-inappropriate-ioctl-for-device-errors, does not work.

The output with proposed changes from the above link:

#> gpg --generate-key --batch < temp.batch
gpg: Generating a standard key
gpg: Sorry, we are in batchmode - can't get input

Seth Arnold (seth-arnold) wrote :

Does it work if you either set a passphrase in the batch file or use %no-protection to indicate no passphrase?

https://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-GPG-key-generation.html

Thanks

Changed in gnupg2 (Ubuntu):
status: New → Incomplete
dundir (dundir) wrote :

I've verified that adding %no-protection to the batch file does allow the key generation to proceed past the error to completion but there are other issues.

GPG generates the public key and exports to a file successfully. The public keyfile contains data, but it's untestable.

The private key is not generated. It's missing from the keyring, and from the documentation it appears %secring doesn't export the secret key to a file and that's expected since %secring has been nooped after 2.1 in the documentation.
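
The batch-file points raised in the comments above, as one script. This is an added example, not part of any comment and not GnuPG's own code: lint_batch flags a batch file that has neither Passphrase: nor %no-protection or that relies on %secring, and generate_and_export uses --export-secret-keys in place of %secring. The function names, the throwaway GNUPGHOME, the e-mail address and the added Subkey-Type line are assumptions.

```shell
#!/bin/sh
# Added example: identity and file names are constructed; Subkey-Type is an assumption.
write_batch() {
    cat > "$1" <<'EOF'
%echo Generating a standard key
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: temp
Name-Email: temp@example.org
Expire-Date: 0
%no-protection
%commit
%echo done
EOF
}

# Return 1 if the batch file has either problem discussed in this thread.
lint_batch() {
    rc=0
    if ! grep -Eq '^(%no-protection|Passphrase:)' "$1"; then
        echo "$1: no Passphrase: or %no-protection, gpg will need a prompt" >&2
        rc=1
    fi
    if grep -q '^%secring' "$1"; then
        echo "$1: %secring is a no-op since GnuPG 2.1, export the key instead" >&2
        rc=1
    fi
    return "$rc"
}

# $1 = batch file, $2 = public key out, $3 = secret key out
generate_and_export() (
    umask 077                              # exported secret key is unprotected
    GNUPGHOME=$(mktemp -d) || exit 1       # throwaway keyring, mode 0700
    export GNUPGHOME
    gpg --batch --generate-key "$1" &&
    gpg --batch --armor --export > "$2" &&
    gpg --batch --armor --export-secret-keys > "$3"
    status=$?
    gpgconf --kill gpg-agent               # stop the agent started for this homedir
    rm -rf "$GNUPGHOME"
    exit "$status"
)

if [ "${1:-}" = "run" ]; then
    write_batch temp.batch && lint_batch temp.batch &&
        generate_and_export temp.batch temp.pub temp.key
fi
```

Invoked with the argument run, the script writes temp.batch, temp.pub and temp.key in the current directory; without it, only the functions are defined.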

dundir (dundir) wrote :

Upon closer inspection of the ~/.gnupg folder it appears that at some point a directory is created with the label private-keys-v1.d. The generation process does not recreate the directory if it's missing, and running the batch command returns a very un-useful "file not found" error if the directory doesn't exist.

Inside this directory are files in the format [keyid].key.
Inspecting the files for formatting with gpg --list-packets returns the following output:

gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error

Launchpad Janitor (janitor) wrote :

[Expired for gnupg2 (Ubuntu) because there has been no activity for 60 days.]

Changed in gnupg2 (Ubuntu):
status: Incomplete → Expired
dundir (dundir) wrote :

ping
