RHEL-44673

gnupg2 by default fails to generate key in FIPS

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-10.0.beta
    • rhel-10.0.beta
    • gnupg2
    • 1
    • sst_security_crypto
    • ssg_security
    • 20
    • 1
    • False
    • No
    • Crypto24Q3
      1. gnupg2 is able to generate a key in FIPS mode with default configuration
      2. gnupg2 by default generates ed25519 key in both regular and FIPS mode
    • None
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      /CoreOS/gnupg2/Sanity/key-generation

      Please provide the package NVR for which the bug is seen:

      gnupg2-2.4.4-1.el10

      Expected results

      passes

      Actual results

      Fails in FIPS:

       ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      ::   Quick key generation
      ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      
      :: [ 00:43:48 ] :: [  BEGIN   ] :: Generate key with default algorithm :: actually running 'gpg2 --homedir ./.gnupg --batch --passphrase '' --quick-gen-key keygentest default default 0'
      gpg: directory '/tmp/tmp.fingertipt/./.gnupg' created
      gpg: invalid item 'S2' in preference string
      gpg: agent_genkey failed: Not supported
      gpg: key generation failed: Not supported
      :: [ 00:43:48 ] :: [   FAIL   ] :: Generate key with default algorithm (Expected 0, got 2)
      :: [ 00:43:48 ] :: [  BEGIN   ] :: Running 'gpg2 --homedir ./.gnupg --list-keys keygentest'
      gpg: /tmp/tmp.fingertipt/./.gnupg/trustdb.gpg: trustdb created
      gpg: error reading key: No public key
      :: [ 00:43:48 ] :: [   FAIL   ] :: Command 'gpg2 --homedir ./.gnupg --list-keys keygentest' (Expected 0, got 2)
      ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      ::   Duration: 0s
      ::   Assertions: 0 good, 2 bad
      ::   RESULT: FAIL
      
      
      ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      ::   Default algorithm
      ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      
      :: [ 00:43:49 ] :: [   FAIL   ] :: File 'key-info.txt' should contain '^uid[[:space:]]*\[.*\] keygentest' 
      :: [ 00:43:49 ] :: [   FAIL   ] :: File 'key-info.txt' should contain '^pub[[:space:]]*rsa3072' 
      :: [ 00:43:49 ] :: [   FAIL   ] :: File 'key-info.txt' should contain '^sub[[:space:]]*rsa3072' 
      ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      ::   Duration: 1s
      ::   Assertions: 0 good, 3 bad
      ::   RESULT: FAIL
      

            jjelen@redhat.com Jakub Jelen
            szidek@redhat.com Stanislav Zidek