AIX Open Source

  • 1.  AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Fri August 19, 2022 02:10 PM
    Team:

    New to gpg and need to generate a key for GitHub so our AIX hosted scripts can be signed.

    Running 

    gpg --full-generate-key

    I answer all the questions and select "o" for the (O)kay prompt before the screen clears and I then get a single character block cursor prompt, no other text explaining what needs to be entered.

    What is needing to be entered here?  I tried entering a consistent set of characters for about 10 iterations during which the screen clears and finally comes back each time with the same single character cursor block.

    Any guidance would be most welcome.

    Many thanks, Steve

    ------------------------------
    Steve Munday
    AIX, IBM i, HMC, PowerVM
    ------------------------------


  • 2.  RE: AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Fri August 19, 2022 02:42 PM
    At that point you should be generating the key, so GPG would probably like some entropy... maybe pretend you're an elephant with a new Commodore VIC-20?

    Did you get to enter the passphrase to protect the key? That also happens there, and if you can't see anything, maybe your terminal is screwed up. If you never see the prompt for entering the passphrase, try this:

    gpg --full-generate-key --pinentry-mode loopback

    That will force GPG to use the current terminal for PIN entry, instead of whatever your system thinks is the pin entry program.

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649

  • 3.  RE: AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Sat August 20, 2022 09:30 AM
    Stephen,

    Perfect, gpg --full-generate-key --pinentry-mode loopback did the trick as I saw the Pass Phrase prompt :-)

    I ran a "test" GPG signing; however, I'm seeing the below.

    # git config --global user.signingkey <Key>
    # git commit -S -m "Checking GPG signing"
    error: gpg failed to sign the data
    fatal: failed to write commit object
    # GIT_TRACE=1 git commit -S -m "Checking GPG signing"
    09:22:18.046888 git.c:458               trace: built-in: git commit -S -m 'Checking GPG signing'
    09:22:18.057161 run-command.c:654       trace: run_command: gpg --status-fd=2 -bsau <Key>
    error: gpg failed to sign the data
    fatal: failed to write commit object
    # gpg --status-fd=2 -bsau <Key>
    [GNUPG:] KEY_CONSIDERED 0BFE529216DDC3F983C6204A<Key> 2
    [GNUPG:] BEGIN_SIGNING H8
    
    gpg: signal 2 caught ... exiting

    The "BEGIN_SIGNING H8" just sits there until I Ctrl-C it.

    Any thoughts as to where I need to look next?

    Many thanks, Steve



    ------------------------------
    Steve Munday
    AIX, IBM i, HMC, PowerVM
    ------------------------------



  • 4.  RE: AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Sat August 20, 2022 12:47 PM
    I don't know that I've ever signed a commit, though I should start for things I contribute.

    Do "regular" commits work? Can you PGP encrypt a file with your own key? Let's partition the problem...

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649

  • 5.  RE: AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Sat August 20, 2022 01:04 PM
    Okay, I couldn't see what you did in the email, but now I'm looking at the web version of the message.

    When you are stuck waiting, I think that GPG is waiting for input on stdin. If you type CTRL-D and it finishes, you'll get what amounts to a signed, empty file (I'm guessing).

    ------------------------------
    Stephen Ulmer
    ------------------------------
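
Added example (not written by either poster): a small POSIX shell helper that reads the `[GNUPG:]` status lines from a `gpg --status-fd=2 -bsau <Key>` run and reports whether the signature was created, failed, or stalled after `BEGIN_SIGNING`, as in the trace above. The function name, sample functions and the all-zero fingerprint are constructed placeholders; `H8` is decoded with the OpenPGP hash algorithm ids (8 = SHA256).

```shell
#!/bin/sh
# Added example: classify a gpg signing run from its --status-fd lines.
# Prints "<state> <hash>", state = signed | failed | stalled | no-status.
classify_gpg_status() {
    awk '
        $1 != "[GNUPG:]" { next }          # skip human-readable "gpg:" lines
        $2 == "BEGIN_SIGNING" {
            begun = 1
            id = substr($3, 2)             # "H8" -> "8" (OpenPGP hash id)
            if      (id == "2")  hash = "SHA1"
            else if (id == "8")  hash = "SHA256"
            else if (id == "9")  hash = "SHA384"
            else if (id == "10") hash = "SHA512"
            else if (id != "")   hash = "hash-id-" id
        }
        $2 == "SIG_CREATED" { created = 1 }
        $2 == "FAILURE" || $2 == "INV_SGNR" || $2 == "NO_SECKEY" { failed = 1 }
        END {
            if (created)     state = "signed"
            else if (failed) state = "failed"
            else if (begun)  state = "stalled"   # started, never completed
            else             state = "no-status"
            print state, (hash == "" ? "-" : hash)
        }'
}

# Constructed sample: the interrupted run from the thread (placeholder fingerprint).
sample_stalled() {
    cat <<'EOF'
[GNUPG:] KEY_CONSIDERED 0000000000000000000000000000000000000000 2
[GNUPG:] BEGIN_SIGNING H8
gpg: signal 2 caught ... exiting
EOF
}

# Constructed sample: a run that finished and emitted SIG_CREATED.
sample_signed() {
    cat <<'EOF'
[GNUPG:] KEY_CONSIDERED 0000000000000000000000000000000000000000 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] SIG_CREATED D 1 8 00 1663000000 0000000000000000000000000000000000000000
EOF
}

sample_stalled | classify_gpg_status
sample_signed  | classify_gpg_status
```

A `stalled` result means gpg began signing but never emitted `SIG_CREATED`, so it was still waiting for something (data on stdin or a passphrase) when it was interrupted.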



  • 6.  RE: AIX 7.3 / gnupg2 (2.2.23-1) - gpg --full-generate-key

    IBM Champion
    Posted Mon September 12, 2022 09:42 AM
    Stephen,

    Hi, apologies for the delay as I've been away.

    Ok, so I did the following:

    gpg --status-fd=2 -bsau <Key> --pinentry-mode loopback

    And then hit CTRL+D to end the command.  This then generated some text/numbers (looked like a key) followed by "-----END PGP SIGNATURE-----".

    I then ran the following on an existing file and so it seems the above resolved things.

    # git commit -S -m "Checking GPG signing"
    [steve 4f31b2e] Checking GPG signing
     1 file changed, 11 insertions(+)
     create mode 100755 demo5.sh
    #

    Subsequently I added the "new" GPG key to GitHub and am now seeing "Verified" against the demo5.sh file in the Commits section.  I then re-ran the git commit process against another file (demo6.sh) and then did a git push, again I see "Verified" in the Commits section.

    Fingers crossed this is now resolved, thank you for the guidance in getting me this far.

    Regards, Steve

    ------------------------------
    Steve Munday
    AIX, IBM i, HMC, PowerVM
    ------------------------------