Mailing List Archive

gpg: keydb_search failed: Broken pipe
Hi,
I just found an issue today.
There are 2 keys, TestUser1 and TestUser2.
TestUser1 was without a passphrase.
TestUser2 was passphrase-protected, and used Curve 448 for encryption.
I encrypted the file with '--hidden-recipient'.
After decryption failed, gpg-agent was killed.

Here's the output:
---------------------------------------------------------------------------------
# gpg2 --version
gpg (GnuPG) 2.3.1
libgcrypt 1.9.3

# gpg2 -k
/root/.gnupg/pubring.kbx
------------------------
pub ed25519/0xFB3157F958F70A96 2021-04-25 [SC]
55532181F95968D1D72E1E20FB3157F958F70A96
uid [ultimate] TestUser1
sub cv25519/0x2EE9DBD136764E1E 2021-04-25 [E]

pub ed25519/0x19EC312D820A2F6E 2021-04-25 [C]
BF4E1C04CD57D9F11CFE5B0A19EC312D820A2F6E
uid [ultimate] TestUser2
sub ed25519/0x92588FA653AED764 2021-04-25 [S]
sub cv448/0xB36D6CA2989293FF 2021-04-25 [E]
sub ed25519/0x6C12D278DF8E2792 2021-04-25 [A]

# gpg2 -a -R 0xB36D6CA2989293FF! -e 1.txt
# gpg2 -d 1.txt.asc
gpg: encrypted with ECDH key, ID 0x0000000000000000
gpg: anonymous recipient; trying secret key 0x2EE9DBD136764E1E ...
gpg: keydb_search failed: Broken pipe
gpg: public key decryption failed: End of file
gpg: decryption failed: End of file

---------------------------------------------------------------------------------

- William
Re: gpg: keydb_search failed: Broken pipe
On Sun, 25 Apr 2021 16:41, William Holmes said:

> I encrypted the file with '--hidden-recipient'.
> After decryption failed, gpg-agent was killed.

Right, I was able to valgrind the bug. We will have a solution soon.

> pub ed25519/0xFB3157F958F70A96 2021-04-25 [SC]

Better not to use the keyids. In particular with v5 keys they are
confusing because for v5 the keyids are the leftmost bytes instead of the
rightmost as with v3 and v4 keys.

You may want to remove the "keyid-format" from gpg.conf and instead add
with-subkey-fingerprint.

> sub cv448/0xB36D6CA2989293FF 2021-04-25 [E]

Note that we also have a problem that, depending on how the key is
created, a v4 instead of a v5 key is created with cv448. There is a fix
in 2.3.1 to make sure 448 only uses v5 but that fix was not enough.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg: keydb_search failed: Broken pipe
On Sun, 25 Apr 2021 16:41, William Holmes said:
> I encrypted the file with '--hidden-recipient'.
> After decryption failed, gpg-agent was killed.

This is because there is a bug in decryption for an anon recipient.

The size of input for decryption should be checked. So far, we only
have Curve25519 as a Montgomery curve. With X448, we have another
Montgomery curve. That's the reason.

Werner Koch wrote:
> We will have a solution soon.

Fixed in libgcrypt master by the commit:

060c378c050e7ec6206358c681a313d6e1967dcf
--

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
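
An added illustration of the input-size check described in the message above, for the case in this thread where an anonymous-recipient message to a cv448 subkey is first tried against a cv25519 secret key. This is not code from the thread and not the libgcrypt commit; the function names are hypothetical, the point sizes are the RFC 7748 ones, and accepting an optional 0x40 prefix octet for either curve is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The two Montgomery curves named in the thread. */
enum mont_curve { CURVE_X25519, CURVE_X448 };

/* Raw u-coordinate sizes from RFC 7748: 32 bytes (X25519), 56 bytes (X448). */
static size_t mont_point_len(enum mont_curve c)
{
    return c == CURVE_X25519 ? 32 : 56;
}

/*
 * Hypothetical helper (not libgcrypt's API): check the sender's ephemeral
 * point against the curve of the secret key being tried, then copy it into
 * the caller's buffer. Accepts the raw point, or the point preceded by the
 * 0x40 prefix octet OpenPGP uses for native cv25519 points (assumed here
 * to be acceptable for either curve).
 * Returns 0 on success, -1 if the size does not fit the key's curve.
 */
int load_ephemeral_point(enum mont_curve key_curve,
                         const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_cap)
{
    size_t want = mont_point_len(key_curve);

    if (in == NULL || out == NULL || out_cap < want)
        return -1;
    if (in_len == want + 1 && in[0] == 0x40) {   /* strip prefix octet */
        in++;
        in_len--;
    }
    if (in_len != want)
        return -1;   /* e.g. an X448 point offered to an X25519 key */
    memcpy(out, in, want);
    return 0;
}

/* Constructed scenario: a 56-byte X448 ephemeral point (all zeros, sample
 * data only) is tried against a secret key on the given curve. */
int try_key_demo(enum mont_curve key_curve)
{
    uint8_t x448_point[56] = { 0 };
    uint8_t buf[56];
    return load_ephemeral_point(key_curve, x448_point, sizeof x448_point,
                                buf, sizeof buf);
}
```

With the check in place, the trial against the wrong-curve key fails cleanly and the caller can move on to the next secret key.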
Re: gpg: keydb_search failed: Broken pipe
That's good, it's fixed.



On Tue, Apr 27, 2021 at 7:07 AM Niibe Yutaka <gniibe@fsij.org> wrote:

> On Sun, 25 Apr 2021 16:41, William Holmes said:
> > I encrypted the file with '--hidden-recipient'.
> > After decryption failed, gpg-agent was killed.
>
> This is because there is a bug in decryption for an anon recipient.
>
> The size of input for decryption should be checked. So far, we only
> have Curve25519 as a Montgomery curve. With X448, we have another
> Montgomery curve. That's the reason.
>
> Werner Koch wrote:
> > We will have a solution soon.
>
> Fixed in libgcrypt master by the commit:
>
> 060c378c050e7ec6206358c681a313d6e1967dcf
> --
>