On 03/09/17 17:42, Dan Horne wrote:
> Warning: using insecure memory!
> gpg-agent[10073]: command get_passphrase failed: End of file
> gpg: problem with the agent: End of file
> gpg: Key generation canceled.

There seem to be 2 different problems here:

* That gpg (or gpg-agent) fails when calling pinentry (the
“get_passphrase” failure).

* That memory pages cannot be locked (“using insecure memory!”).

However, I do not know how to solve either.

My understanding is that “insecure memory” means simply that gpg cannot
lock memory pages so as to reduce the probability that they are written
to swap. This is only a security concern if an attacker can read the raw
disk device.

> Regarding the warning, the recommended response I found via Internet search
> was:
> 
> # chmod u+s /path/to/gpg
> 
> This was done, but didn't affect the warning:

Are you sure that this is required in Solaris? At least in Debian
GNU/Linux there is no need to setuid the gpg binary to root. Root setuid
programs are a security problem. If an attacker can get control of this
program, he can operate with root privileges.

Look up what the requirements for locking pages are in the Solaris
documentation.

> After a bit more Googling, I tried adding the following to my gpg.conf
> file, but it caused a syntax error:
> 
> pinentry-program /opt/csw/bin/pinentry-curses

“pinentry-program” is an option of gpg-agent, not gpg. If you want to
specify this option, you must put it in “$HOME/.gnupg/gpg-agent.conf”.

-- 
Do not eat animals; respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
