1 [[meta title="monkeysphere --gen-subkey seems to fail if no gpg-agent is running"]]
3 Consider the following transcript of a user who starts with no OpenPGP
4 key in the first place:
6 0 wt215@squeak:~$ monkeysphere gen-subkey
7 You have no secret key available. You should create an OpenPGP
8 key before joining the monkeysphere. You can do this with:
10 255 wt215@squeak:~$ gpg --gen-key
11 gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
12 This is free software: you are free to change and redistribute it.
13 There is NO WARRANTY, to the extent permitted by law.
15 Please select what kind of key you want:
16 (1) DSA and Elgamal (default)
20 RSA keys may be between 1024 and 4096 bits long.
21 What keysize do you want? (2048) 1024
22 Requested keysize is 1024 bits
23 Please specify how long the key should be valid.
24 0 = key does not expire
25 <n> = key expires in n days
26 <n>w = key expires in n weeks
27 <n>m = key expires in n months
28 <n>y = key expires in n years
29 Key is valid for? (0) 1
30 Key expires at Sat 09 Aug 2008 09:41:34 AM EDT
31 Is this correct? (y/N) y
33 You need a user ID to identify your key; the software constructs the user ID
34 from the Real Name, Comment and Email Address in this form:
35 "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
38 Email address: monkey@example.org
40 You selected this USER-ID:
41 "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
43 Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
44 You need a Passphrase to protect your secret key.
46 We need to generate a lot of random bytes. It is a good idea to perform
47 some other action (type on the keyboard, move the mouse, utilize the
48 disks) during the prime generation; this gives the random number
49 generator a better chance to gain enough entropy.
51 gpg: key A09F70B7 marked as ultimately trusted
52 public and secret key created and signed.
54 gpg: checking the trustdb
55 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
56 gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
57 gpg: next trustdb check due at 2008-08-09
58 pub 1024R/A09F70B7 2008-08-08 [expires: 2008-08-09]
59 Key fingerprint = C3D3 1063 7CA1 5809 9EB9 7A63 F4E4 8D01 A09F 70B7
60 uid Foo T. Bar (DO NOT USE!) <monkey@example.org>
62 Note that this key cannot be used for encryption. You may want to use
63 the command "--edit-key" to generate a subkey for this purpose.
64 0 wt215@squeak:~$ monkeysphere gen-subkey
65 Please specify how long the key should be valid.
66 0 = key does not expire
67 <n> = key expires in n days
68 <n>w = key expires in n weeks
69 <n>m = key expires in n months
70 <n>y = key expires in n years
71 Key is valid for? (0) 2
72 ms: generating subkey...
73 gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
74 This is free software: you are free to change and redistribute it.
75 There is NO WARRANTY, to the extent permitted by law.
77 Secret key is available.
79 pub 1024R/A09F70B7 created: 2008-08-08 expires: 2008-08-09 usage: SC
80 trust: ultimate validity: ultimate
81 [ultimate] (1). Foo T. Bar (DO NOT USE!) <monkey@example.org>
85 You need a passphrase to unlock the secret key for
86 user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
87 1024-bit RSA key, ID A09F70B7, created 2008-08-08
89 gpg: Invalid passphrase; please try again ...
91 You need a passphrase to unlock the secret key for
92 user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
93 1024-bit RSA key, ID A09F70B7, created 2008-08-08
95 gpg: Invalid passphrase; please try again ...
97 You need a passphrase to unlock the secret key for
98 user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
99 1024-bit RSA key, ID A09F70B7, created 2008-08-08
101 gpg: Key generation failed: bad passphrase
104 Invalid command (try "help")
109 This user does not have `use-agent` configured in `~/.gnupg/gpg.conf`.
111 This problem can be resolved by the user doing:
113 echo use-agent >> ~/.gnupg/gpg.conf
114 gpg-agent --daemon monkeysphere --gen-subkey
116 Then they will be prompted for their passphrase during key creation.
118 If we're OK with relying on `gpg-agent`, we should make make that an
119 explicit dependency, and ensure that an agent is running (or start one
120 up specifically for the process).
122 If we're not OK with relying on the agent, `--gen-subkey` needs
127 I think requiring the agent and using it for getting the passphrase is
128 fine. That should make this bug fairly easy to fix, so I'll get on
135 Alternately, we could use `--passwd-fd` and `ssh-agent`, along the
136 lines i proposed [for handling passphrase-locked secret
137 keys](/bugs/handle-passphrase-locked-secret-keys).
141 [[bugs/done]] as of 2008-08-15 16:48:26-0400 (to be released in 0.8-1)
143 I opted to go with the `ssh-askpass` route, and fall back to echoing
144 stuff to a fifo directly if `ssh-askpass` is not available.