Package Details: gnupg-largekeys 2.2.20-1

Git Clone URL: https://aur.archlinux.org/gnupg-largekeys.git
Package Base: gnupg-largekeys
Description: Complete and free implementation of the OpenPGP standard
Upstream URL: https://www.gnupg.org/
Licenses: GPL
Conflicts: gnupg, gnupg2
Provides: gnupg=2.2.20, gnupg2=2.2.20
Replaces: gnupg, gnupg2
Submitter: ido
Maintainer: TheGoliath
Last Packager: TheGoliath
Votes: 4
Popularity: 0.000000
First Submitted: 2013-11-04 02:45
Last Updated: 2020-05-12 12:50

Required by (174)

Sources (5)

Latest Comments

vwyodajl commented on 2014-11-25 10:23

Not sure if this is 100% correct; I tried to get the patch to work with the 2.1 release that is now in Arch.

diff -aur gnupg-2.1.0/g10/gpg.c gnupg-2.1.0.mod/g10/gpg.c
--- gnupg-2.1.0/g10/gpg.c 2014-11-04 07:16:55.000000000 -0800
+++ gnupg-2.1.0.mod/g10/gpg.c 2014-11-25 02:05:28.364752873 -0800
@@ -2180,7 +2180,7 @@
#endif

/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 131072, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
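
Review bot: The new 131072 in the GCRYCTL_INIT_SECMEM call is appended after SECMEM_BUFFER_SIZE instead of replacing it, so the size argument the call passes is unchanged. gcry_control takes one byte count for this command, so the extra value is most likely ignored and the secure memory pool stays at its old size. If the intent is a larger pool for big keys, replace SECMEM_BUFFER_SIZE with the new size (or change its definition), and add a comment saying why this figure was chosen.
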
diff -aur gnupg-2.1.0/g10/keygen.c gnupg-2.1.0.mod/g10/keygen.c
--- gnupg-2.1.0/g10/keygen.c 2014-11-04 01:38:37.000000000 -0800
+++ gnupg-2.1.0.mod/g10/keygen.c 2014-11-25 02:09:52.368794798 -0800
@@ -1366,7 +1366,7 @@
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096)
+ else if (nbits > 65535)
{
nbits = 4096;
log_info (_("keysize invalid; using %u bits\n"), nbits );
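
Review bot: In the `nbits > 4096` branch the comparison is raised to 65535 but the body still sets `nbits = 4096;`, so a request above the new limit falls back to 4096 rather than to the new maximum, and the ceiling is now written in two places that disagree. Set the fallback to the same value as the comparison, ideally through one named constant, and note in a comment where 65535 comes from.
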
@@ -1421,7 +1421,7 @@
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
- else if ( nbits > 3072 )
+ else if ( nbits > 65535 )
{
nbits = 3072;
log_info(_("keysize invalid; using %u bits\n"), nbits );
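
Review bot: The same mismatch applies here: the test becomes `nbits > 65535` while the fallback stays `nbits = 3072;`. The original cap in this branch was 3072, not 4096, which suggests it guards a different algorithm with its own size limit; confirm that algorithm accepts sizes up to 65535 before sharing the bound with the other branch, or keep a separate, lower limit here.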

Hope this helps some.

ido commented on 2014-08-31 17:10

Updated gnupg to 2.0.26.
Fixed GitHub issue #27.

ido commented on 2014-07-05 23:07

Bumped to 2.0.25.

@vwyodajl - thank you for the comment.

vwyodajl commented on 2014-07-05 19:25

2.0.24 CVE https://mailman.archlinux.org/pipermail/arch-security/2014-June/000083.html

pkgver bump breaks patch.

ido commented on 2014-01-19 17:51

Release bumped to match upstream. libgcrypt update to 1.6.0 requires a rebuild of this package to link against the new version (libgcrypt.so.20 vs. libgcrypt.so.11).

Pacman will break if this isn't upgraded at the same time as libgcrypt. If pacman is complaining about "GPGME error: invalid crypto engine" when trying to upgrade/install packages, and when you try running "gpg --version" you get an error that it couldn't find libgcrypt.so.11 but libgcrypt.so.20 exists in /usr/lib, then that error is probably because you upgraded libgcrypt without rebuilding gnupg. So, just run makepkg or "yaourt -Sa gnupg-largekeys" again and it should be resolved.

tredaelli commented on 2013-12-10 17:25

Package almost useless, you can use gpg --batch --gen-key to generate the key (16k key max)

vwyodajl commented on 2013-11-18 00:21

That makes sense. Thank you for explaining that to me; I was confused as to why it only happened with the larger keys.

ido commented on 2013-11-17 21:36

vwyodajl - if you are referring to this FAQ entry from the GnuPG documentation:

http://www.gnupg.org/faq/GnuPG-FAQ.html#why-do-i-get-gpg_warning_using_insecure_memory

By setuid'ing (chmod u+s) the gpg2 binary, you are giving it many more capabilities/permissions than you need to. This violates the principle of least privilege, so most distributions (including Arch) do not setuid the gpg binary.

The gnupg-largekeys PKGBUILD is identical to the Arch PKGBUILD except for the largekeys patch, which does not affect gpg's permissions or capability to lock memory; however, the larger key size may require that more pages be locked into memory... A less invasive fix would be to allow gpg2 to lock more memory by modifying /etc/security/limits.conf, setting the appropriate ulimit setting, or any number of other ways.

This is something I will mark as "wontfix" since it is a matter of preference for the user whether they modify their limits.conf, set ulimits, use a helper/wrapper program, etc.
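
An added example, not part of ido's comment or of the package: a POSIX shell check of whether the current `ulimit -l` value (the locked-memory limit, in KiB) covers a secure memory pool of a given byte size, printing a candidate limits.conf entry when it does not. The function names and the default pool size are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the package). Pool sizes passed in are assumptions.

# memlock_fits LIMIT NEEDED_BYTES
#   LIMIT is what `ulimit -l` prints: a KiB count or "unlimited".
#   Returns 0 if NEEDED_BYTES fits, 1 if it does not, 2 on malformed input.
memlock_fits() {
    limit=$1
    needed=$2
    case $needed in ''|*[!0-9]*) return 2 ;; esac
    if [ "$limit" = unlimited ]; then return 0; fi
    case $limit in ''|*[!0-9]*) return 2 ;; esac
    # The limit is in KiB, the pool in bytes: round the need up to whole KiB.
    needed_kib=$(( (needed + 1023) / 1024 ))
    [ "$needed_kib" -le "$limit" ]
}

# limits_conf_line USER NEEDED_BYTES
#   Prints a limits.conf entry; memlock values are in KiB and the "-" type
#   sets both the soft and the hard limit.
limits_conf_line() {
    printf '%s\t-\tmemlock\t%s\n' "$1" "$(( ($2 + 1023) / 1024 ))"
}

report() {
    pool=$1
    current=$(ulimit -l 2>/dev/null) || current=unknown
    rc=0
    memlock_fits "$current" "$pool" || rc=$?
    case $rc in
        0) echo "memlock limit ($current) covers a $pool byte pool" ;;
        1) echo "memlock limit ($current KiB) is below $pool bytes; candidate entry:"
           limits_conf_line "$(id -un)" "$pool" ;;
        *) echo "could not interpret limit '$current' or pool size '$pool'" ;;
    esac
}

# 131072 is the byte count in the patch quoted on this page; treating it as
# the pool size gpg locks is an assumption of this example.
report "${1:-131072}"
```

A limits.conf change takes effect at the next login session, since pam_limits applies it when the session starts.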

vwyodajl commented on 2013-11-14 18:24

I get the following warning once I install this. It does not appear with the Arch package.

Warning: using insecure memory!

Some googling gave me that it is the suid of the binary?
http://www.ibm.com/developerworks/aix/library/au-gnupg/

I did try just to see what would happen and it does get rid of the warning.
chmod 4755 gpg

Just curious why the Arch package does not give me this warning but once this is installed I get it? Is the suid approach even applicable still? Everything seems mostly old relating to this warning.

ido commented on 2013-11-04 02:50

NOTE: To request changes to this package, please submit a pull request
to the GitHub repository at https://github.com/ido/packages-archlinux
Otherwise, open a GitHub issue. Thank you! -Ido

This package's PKGBUILD and its corresponding commits in the above git repository are signed with key fingerprint:
pub 4096R/2389BB21 2011-10-08
Key fingerprint = F353 09F4 93E8 F6D3 3973 5A70 A669 D000 2389 BB21

To import that key, try gpg --keyserver pgp.mit.edu --recv-keys 2389BB21