Package: gpg
Version: 2.4.7-14
Severity: normal
X-Debbugs-Cc: debian.a...@manchmal.in-ulm.de

Summary: When trying to generate a key using the batch file mode,
the "Key-Type: default" option breaks the operation.

As part of some testing, I'm generating a temporary key, using a
batch file to pass some parameters. Use this little shell script as
a reproducer:

===========================================================
#!/bin/sh

set -eu

temp_dir="$(mktemp --directory --tmpdir "reprod.$$.XXXXX")"
trap "cd / ; rm -rf \"$temp_dir\"" EXIT

gpg_home="$temp_dir/gpg_home"
mkdir -m700 "$gpg_home"

batch_file="$temp_dir/batch"
cat <<__EOS__ >"$batch_file"
Key-Type: default
Subkey-Type: default
Name-Real: John Doe
Name-Email: john....@example.com
Expire-Date: 0
%no-protection
%commit
__EOS__

gpg --homedir "$gpg_home" --batch --generate-key "$batch_file"
gpg --homedir "$gpg_home" --with-colons --list-keys
===========================================================

In Debian 12 (gpg 2.2.40-1.1), and expected, output is (modulo
timestamps and various random bits):

| gpg: keybox '/tmp/reprod.1908235.T8HfC/gpg_home/pubring.kbx' created
| gpg: /tmp/reprod.1908235.T8HfC/gpg_home/trustdb.gpg: trustdb created
(...)
| tru:o:1:1744699266:1:3:1:5
| pub:u:3072:1:5568831507F12921:1744699264:::u:::escaESCA::::::23::0:
| fpr:::::::::41F2D907E7F11CD5825719045568831507F12921:
| uid:u::::1744699264::454A9C7753721D33C846A7FFEDB690FD548BCE5C::John Doe <john....@example.com>::::::::::0:
| sub:u:3072:1:2B5308B1ED9F66BA:1744699264::::::esa::::::23:
| fpr:::::::::0E7033D83012E06FE36CB9762B5308B1ED9F66BA:

Since the advent of gpg 2.4.7-14, gpg --generate-key fails:

| gpg: keybox '/tmp/reprod.1908493.etLXj/gpg_home/pubring.kbx' created
| gpg: key generation failed: Unknown elliptic curve

Not sure whether this is an intended change, at least it took me
some hours.

The workaround is to make the key type explicit, so

-Key-Type: default
-Subkey-Type: default
+Key-Type: rsa
+Key-Length: 3072
+Subkey-Type: rsa
+Subkey-Length: 3072

... which isn't nice.

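Review bot: the added "+Key-Type: rsa" / "+Subkey-Type: rsa" lines carry no Key-Usage: or Subkey-Usage:, so the workaround does not reproduce the key that "default" used to create. The capability listings in this report show pub:escaESCA / sub:esa for "rsa/3072" against pub:scESC / sub:e for "default". If the test depends on the old capabilities, consider adding "Key-Usage: sign" and "Subkey-Usage: encrypt" to the batch file so the primary key stays sign/certify and the subkey stays encrypt-only.
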
Also, there's a subtle change in the "key capabilities" (column 12),
already in Debian 12:

Using "default", gpg 2.2   | pub:scESC     | sub:e
Using "rsa/3072", gpg 2.2  | pub:escaESCA  | sub:esa
Using "rsa/3072", gpg 2.4  | pub:escarESCA | sub:esa

This is documented in gpg(1), in "Key-Usage:" - still it came as
a surprise. And the change (here: subkey may be used to sign) actually
seems sensible. Too bad my mediocre test program couldn't deal with it.
But that's none of your concern.

Regards

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.22 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gpg depends on:
ii  gpgconf              2.4.7-14
ii  init-system-helpers  1.68
ii  libassuan9           3.0.2-2
ii  libbz2-1.0           1.0.8-6
ii  libc6                2.41-6
ii  libgcrypt20          1.11.0-7
ii  libgpg-error0        1.51-4
ii  libksba8             1.6.7-2+b1
ii  libnpth0t64          1.8-3
ii  libreadline8t64      8.2-6
ii  libsqlite3-0         3.46.1-3
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

Versions of packages gpg recommends:
ii  gnupg  2.4.7-14

gpg suggests no packages.

-- no debconf information
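
The capability change described in the report breaks tests that compare column 12 as an exact string. The following is an added example, not part of the original report or of gpg: it checks the capabilities as a set of required letters. The function names are hypothetical and the sample listing is constructed, with placeholder key IDs.

```sh
#!/bin/sh
# Added example, not from the report: check key capabilities (field 12 of
# `gpg --with-colons --list-keys`) as a set of letters, not an exact string.

# Constructed sample listing; key IDs are placeholders, capability strings
# are the gpg 2.4 "rsa/3072" ones quoted in the report.
sample_listing() {
    cat <<'EOF'
tru:o:1:1744699266:1:3:1:5
pub:u:3072:1:AAAAAAAAAAAAAAAA:1744699264:::u:::escarESCA::::::23::0:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1744699264::::::esa::::::23:
EOF
}

# Print "<record> <keyid> <capabilities>" for each pub/sub record on stdin.
list_caps() {
    awk -F: '$1 == "pub" || $1 == "sub" { print $1, $5, $12 }'
}

# caps_include HAVE WANT: succeed if every letter of WANT occurs in HAVE.
# Case-sensitive: uppercase letters on a pub record describe the whole key.
caps_include() {
    have=$1 want=$2
    while [ -n "$want" ]; do
        letter=${want%"${want#?}"}    # first character of $want
        want=${want#?}
        case $have in
            *"$letter"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# check_key RECORD WANT: read a listing on stdin; succeed only if at least
# one RECORD ("pub" or "sub") line exists and all of them include WANT.
check_key() {
    list_caps | (
        status=1                      # fail when no matching record is seen
        while read -r rec keyid caps; do
            [ "$rec" = "$1" ] || continue
            caps_include "$caps" "$2" || {
                echo "$rec $keyid: '$caps' lacks '$2'" >&2; exit 1; }
            status=0
        done
        exit "$status"
    )
}

sample_listing | check_key pub sc && sample_listing | check_key sub e &&
    echo "required capabilities present"
```

In a test, pipe the real listing in instead of the sample: `gpg --homedir "$gpg_home" --with-colons --list-keys | check_key sub e`.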