Mailing List Archive

Signing message problem with GPG loopback pin-entry option
I am trying to encrypt and sign a file with gpg and loopback pinentry
option, with the below command:

gpg --pinentry-mode=loopback --passphrase ="mypws" \
--ignore-time-conflict --ignore-valid-from \
--cipher-algo AES256 --symmetric --ignore-time-conflict \
--passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
--yes --local-user "UserID" \
--sign --force-mdc \
--output /var/psigner/2 \
/var/psigner/1

However, I got the below error message:

gpg: signing failed: Too much data for IPC layer
gpg: /var/psigner/1: sign+symmetric failed: Too much data for IPC layer

But with the below command, where a dialog pops up to ask for the key
passphrase, everything works fine.

gpg \
--ignore-time-conflict --ignore-valid-from \
--cipher-algo AES256 --symmetric --ignore-time-conflict \
--passphrase-file ~/.gnupg/PG/patch-enckey --trust-model always -q
--batch --yes --local-user "UserID" \
--sign --force-mdc \
--output /var/psigner/2 \
/var/psigner/1

Can anyone give me advice to solve the problem?
Re: Signing message problem with GPG loopback pin-entry option
On Sunday, 20 February 2022 16:25:31 CET Alireza Sadeghpour via Gnupg-users
wrote:
> I am trying to encrypt and sign a file with gpg and loopback pinentry
> option, with the below command:
>
> gpg --pinentry-mode=loopback --passphrase ="mypws" \
> --ignore-time-conflict --ignore-valid-from \
> --cipher-algo AES256 --symmetric --ignore-time-conflict \
> --passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
> --yes --local-user "UserID" \
> --sign --force-mdc \
> --output /var/psigner/2 \
> /var/psigner/1

Using the options --passphrase *and* --passphrase-file makes no sense.

> However, I got the below error message:
>
> gpg: signing failed: Too much data for IPC layer
> gpg: /var/psigner/1: sign+symmetric failed: Too much data for IPC layer

Could it be that the file ~/.gnupg/PG/p-enckey contains more data than gpg
allows/supports for a passphrase?

> Can anyone give me advice to solve the problem?

Removing `--passphrase-file ~/.gnupg/PG/p-enckey` from the command line could
solve your problem.

Regards,
Ingo
Re: Signing message problem with GPG loopback pin-entry option
Thanks for your response,

Actually, I need to use two keys: one for AES encryption and another one
used for RSA signing, both of which are protected with a passphrase.

I tried to indicate the RSA key passphrase with the --passphrase option and
the AES key with the --passphrase-file option.

If that is wrong, how can I indicate passphrases for two separate keys in
the same command?

Sincerely

On Sun, 20 Feb 2022, 7:37 PM Ingo Klöcker, <kloecker@kde.org> wrote:

> On Sunday, 20 February 2022 16:25:31 CET Alireza Sadeghpour via
> Gnupg-users
> wrote:
> > I am trying to encrypt and sign a file with gpg and loopback pinentry
> > option, with the below command:
> >
> > gpg --pinentry-mode=loopback --passphrase ="mypws" \
> > --ignore-time-conflict --ignore-valid-from \
> > --cipher-algo AES256 --symmetric --ignore-time-conflict \
> > --passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
> > --yes --local-user "UserID" \
> > --sign --force-mdc \
> > --output /var/psigner/2 \
> > /var/psigner/1
>
> Using the options --passphrase *and* --passphrase-file makes no sense.
>
> > However, I got the below error message:
> >
> > gpg: signing failed: Too much data for IPC layer
> > gpg: /var/psigner/1: sign+symmetric failed: Too much data for IPC layer
>
> Could it be that the file ~/.gnupg/PG/p-enckey contains more data than gpg
> allows/supports for a passphrase?
>
> > Can anyone give me advice to solve the problem?
>
> Removing `--passphrase-file ~/.gnupg/PG/p-enckey` from the command line
> could
> solve your problem.
>
> Regards,
> Ingo
Re: Signing message problem with GPG loopback pin-entry option
On Sunday, 20 February 2022 17:37:51 CET Alireza Sadeghpour wrote:
> On Sun, 20 Feb 2022, 7:37 PM Ingo Klöcker, <kloecker@kde.org> wrote:
> > On Sunday, 20 February 2022 16:25:31 CET Alireza Sadeghpour wrote:
> > > I am trying to encrypt and sign a file with gpg and loopback pinentry
> > > option, with the below command:
> > >
> > > gpg --pinentry-mode=loopback --passphrase ="mypws" \
> > > --ignore-time-conflict --ignore-valid-from \
> > > --cipher-algo AES256 --symmetric --ignore-time-conflict \
> > > --passphrase-file ~/.gnupg/PG/p-enckey --trust-model always -q --batch
> > > --yes --local-user "UserID" \
> > > --sign --force-mdc \
> > > --output /var/psigner/2 \
> > > /var/psigner/1
> >
> > Using the options --passphrase *and* --passphrase-file makes no sense.
>
> Actually, I need to use two keys: one for AES encryption and another one
> used for RSA signing, both of which are protected with a passphrase.
>
> I tried to indicate the RSA key passphrase with the --passphrase option and
> the AES key with the --passphrase-file option.
>
> If that is wrong, how can I indicate passphrases for two separate keys in
> the same command?

Our usual reply to people trying to provide a passphrase for doing
automatic signing (or decryption) is: Use a passphrase-less key.

If you put the passphrase needed for the signing key next to the signing key,
then you do not gain any security by protecting the signing key with a
non-empty passphrase. That's like putting a super secure lock into the front
door of your house and then hanging the key next to the door on a nail.

Regards,
Ingo
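
The setup recommended in the last reply, as an added example that is not part of the original thread: the signing key has no passphrase, so the one `--passphrase-file` is needed only for the symmetric AES256 encryption. The user ID, file names and passphrase are constructed, everything runs in a throwaway GNUPGHOME, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). User ID, paths and passphrase are
# constructed; the body runs in a subshell so GNUPGHOME does not leak out.
sign_and_encrypt_demo() (
    command -v gpg >/dev/null 2>&1 || exit 77        # gpg not installed: skip
    work=$(mktemp -d) || exit 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 1
    signer="signer@example.invalid"
    rc=1

    # Passphrase-less signing key: with --batch and loopback pinentry,
    # --passphrase '' creates a secret key without protection.
    if gpg --batch -q --pinentry-mode loopback --passphrase '' \
           --quick-generate-key "Demo Signer <$signer>" default default never \
           2>/dev/null
    then
        # Only the symmetric passphrase remains; keep it in a 0600 file.
        ( umask 077
          printf '%s\n' 'constructed-demo-passphrase' > "$work/enc-pass" )
        printf 'constructed sample payload\n' > "$work/in.txt"

        # Step 1: sign + symmetric encryption in one call. The agent never asks
        # for a signing passphrase, so the file serves the encryption only.
        # Step 2: decrypt again and capture the status lines.
        gpg --batch --yes -q --pinentry-mode loopback \
            --passphrase-file "$work/enc-pass" \
            --cipher-algo AES256 --local-user "$signer" \
            --sign --symmetric \
            --output "$work/out.gpg" "$work/in.txt" 2>/dev/null &&
        status=$(gpg --batch -q --pinentry-mode loopback \
                     --passphrase-file "$work/enc-pass" --status-fd 1 \
                     --output "$work/back.txt" --decrypt "$work/out.gpg" \
                     2>/dev/null) &&
        case "$status" in
            # Success requires a good signature and an identical payload.
            *GOODSIG*) cmp -s "$work/in.txt" "$work/back.txt" && rc=0 ;;
        esac
    fi

    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    exit "$rc"
)

sign_and_encrypt_demo
echo "sign_and_encrypt_demo exit status: $?"
```

An exit status of 0 means the round trip produced a good signature and the original bytes; 77 means gpg was not found and nothing was tested.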