
List:       gnupg-users
Subject:    initramfs - gpg decryption failed invalid IPC response
From:       D <mail () davidlasek ! eu>
Date:       2018-01-31 21:25:50
Message-ID: 8c08b400-b2c6-9459-2dc2-a7e0c2dc9691 () davidlasek ! eu


Hi there,


I've been using an OpenPGP smartcard to decrypt a keyfile to my drive 
partition with gpg.

This worked until it broke after a system upgrade some time around 
November 2017 (I do not have the pacman pkg cache from that time).


 > uname -a

     Linux username 4.14.15-1-ARCH #1 SMP PREEMPT Tue Jan 23 21:49:25 UTC 2018 x86_64 GNU/Linux


 > gpg --version

     gpg (GnuPG) 2.2.4
     libgcrypt 1.8.2


_THE PROBLEM:_

 > gpg --homedir "/etc/initcpio/gpg" -o "/keyfile.bin" --decrypt "${key_file}"


The command above, which is run inside a custom initcpio hook, fails with 
status code: 2

And prints:

    gpg: encrypted with <bit-length> RSA key, ID <key id>. created
    <date> <owner name + email>

    gpg: public key decryption failed: Invalid IPC response

    gpg: decryption failed: No secret key


Interestingly enough, when I break into a shell with the `break=premount` 
kernel parameter and attempt to decrypt the keyfile by manually invoking 
the same set of commands, everything works. However, the break=premount gets 
triggered after the hook is run, which might be why it works by that point.

The custom initcpio hook is available here:
https://github.com/fogine/initramfs-scencrypt

Particularly this line:

https://github.com/fogine/initramfs-scencrypt/blob/master/scencrypt-hook#L49


Note that before the decryption command, I run `gpg --card-status` which 
successfully detects the smartcard and populates subkey secret stub.


These are hooks run at boot time (/etc/mkinitcpio.conf):

HOOKS="base udev autodetect modconf block filesystems keyboard fsck scencrypt"

"scencrypt" being my custom hook.

I do not load any MODULES="" (in /etc/mkinitcpio.conf) before the hooks 
are run.


I struggle with debugging this issue. Does anybody have an idea how I 
could proceed further?

Thank you.






_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

