I get a permission denied error when i generate a GPG encryption key using the command line. Below is a copy of what i did on the terminal and the error that i got.
===========================================================================
mapetla@mapetla:/var/www/MISP$ sudo -u www-data mkdir /var/www/MISP/.gnupg
mkdir: cannot create directory ‘/var/www/MISP/.gnupg’: File exists
mapetla@mapetla:/var/www/MISP$ sudo chmod 700 /var/www/MISP/.gnupg
mapetla@mapetla:/var/www/MISP$ sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-gen-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: mapetla
Email address: mapetla.[email protected]
You selected this USER-ID:
"mapetla mapetla.[email protected]"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied
No worries, just start the pgp generation from scratch:
rm -rf /var/www/MISP/.gnupg
sudo -u www-data mkdir /var/www/MISP/.gnupg
sudo chmod 700 /var/www/MISP/.gnupg
sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
sudo -u www-data sh -c "gpg --homedir /var/www/MISP/.gnupg --export --armor YOUR-KEYS-EMAIL-HERE > /var/www/MISP/app/webroot/gpg.asc"
I started the pgp from scratch as you have advised , and i still the the same error
mapetla@mapetla:/var/www/MISP$ sudo rm -rf /var/www/MISP/.gnup
mapetla@mapetla:/var/www/MISP$ sudo -u www-data mkdir /var/www/MISP/.gnupg
mapetla@mapetla:/var/www/MISP$ sudo chmod 700 /var/www/MISP/.gnupg
mapetla@mapetla:/var/www/MISP$ sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created
Note: Use "gpg --full-gen-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: mapetla
Email address: mapetla.[email protected]
You selected this USER-ID:
"mapetla mapetla.users@gmail.com"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied
Maybe this here? But be careful with messing with your tty!
Hello,
I am having the same problem, also tried the commands provided by iglocska and it did not work, is there any solution? Thanks.
I was having this problem trying to re-issue the key on a working instance. Tried a fresh install, that install had the issue as well.
Edit: this was also corrected by temporarily changing tty ownership to www-data and doing a clean generation (I also installed rng-tools)
I solved this by using the guide and temporarly setting:
chown www-data $(tty)
and then after the generation moving it back
Checking with ls -l $(tty)
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied
i got the same problem...can some one help me
While the issue is closed, I thought I'd add that the easiest way (and least-dangerous way, and doesn't require root privs to chown the tty) I've found to resolve this is to use a program like tmux or GNU screen which allocates a new ptty for the sued user:
gumnos@localhost$ su - demo
demo@localhost$ gpg --gen-key
â‹®
Key generation failed: Permission denied
demo@localhost$ ls -l `tty` # note still owned by "gumnos"
crw--w---- 1 gumnos tty 136, 13 Jan 9 11:37 /dev/pts/13
demo@localhost$ tmux
[tmux: demo@localhost]$ ls -l `tty` # now owned by "demo"
crw--w---- 1 demo tty 136, 22 Jan 9 11:38 /dev/pts/22
[tmux: demo@localhost]$ gpg --gen-key # this works as desired
I forget this every time, do a web search for this information, and end up in this thread or one much like it that advises chowning the tty to the secondary user, generating the key, and then chowning the tty back to the original user (all that chowning also requires root privs). Hopefully by leaving this here, it's useful to others, including my future forgetful self.
Thanks a ton! This really helped.
One thing I'm uncertain of, and excuse me for posting on a closed subject, is that WakandaKing, the original poster, run gpg --gen-key as SU.
That's unnecessary and actually counterproductive, IMO, but please correct me here.
I want a GPG keyring for me, not for the SU (edge cases excluded).
So better to tmux, then run commands as me, not as SU.
So insted of sudo gpg --gen-key, just run gpg --gen-key
While the issue is closed, I thought I'd add that the easiest way (and least-dangerous way, and doesn't require
rootprivs tochownthe tty) I've found to resolve this is to use a program liketmuxor GNUscreenwhich allocates a _new_ ptty for thesued user:gumnos@localhost$ su - demo demo@localhost$ gpg --gen-key â‹® Key generation failed: Permission denied demo@localhost$ ls -l `tty` # note still owned by "gumnos" crw--w---- 1 gumnos tty 136, 13 Jan 9 11:37 /dev/pts/13 demo@localhost$ tmux [tmux: demo@localhost]$ ls -l `tty` # now owned by "demo" crw--w---- 1 demo tty 136, 22 Jan 9 11:38 /dev/pts/22 [tmux: demo@localhost]$ gpg --gen-key # this works as desiredI forget this every time, do a web search for this information, and end up in this thread or one much like it that advises
chowning the tty to the secondary user, generating the key, and thenchowning the tty back to the original user (all thatchowning also requires root privs). Hopefully by leaving this here, it's useful to others, including my future forgetful self.
Perfect solution Gumnos, it works!
Most helpful comment
While the issue is closed, I thought I'd add that the easiest way (and least-dangerous way, and doesn't require
rootprivs tochownthe tty) I've found to resolve this is to use a program liketmuxor GNUscreenwhich allocates a new ptty for thesued user:I forget this every time, do a web search for this information, and end up in this thread or one much like it that advises
chowning the tty to the secondary user, generating the key, and thenchowning the tty back to the original user (all thatchowning also requires root privs). Hopefully by leaving this here, it's useful to others, including my future forgetful self.