Mandos-client fails decode

Dick Middleton dick at lingbrae.com
Wed Mar 2 18:26:38 CET 2016 

On 03/02/16 16:33, Teddy Hogeborn wrote:
> Dick Middleton <dick at lingbrae.com> writes:
> 
>> I'm now using mandos-client 1.7.3 on a Stretch system.
>>
>> If I test mandos-client fetching passcode it is successful.  However
>> at boot time it consistently fails to unlock the disk.  It reports:
>>
>> bad gpme_op_decode: GPME decryption failed
> 
> I don't know what that could be; you say it's working when you run
> mandos-client on a running system, but fails in the initramfs?
> What does the "gpgconf" command output?

gpg:GPG for OpenPGP:/usr/bin/gpg2
gpg-agent:GPG Agent:/usr/bin/gpg-agent
scdaemon:Smartcard Daemon:/usr/lib/gnupg2/scdaemon
gpgsm:GPG for S/MIME:/usr/bin/gpgsm
dirmngr:Key Acquirer:/usr/bin/dirmngr
pinentry:PIN and Passphrase Entry:/usr/bin/pinentry

> What happens if you generate a new entry for the Mandos server's
> /etc/mandos/clients.conf file by running "mandos-keygen --password
> --force" on the client, install the entry in the server and restart the
> Mandos server process?

I'll get back to you. But this is a new install I did a couple of days ago.

>> When testing mandos-client on this slow machine it can take up to
>> 3mins to get the passphrase.  During this time it is running at 100%
>> cpu.

It's true I don't invoke with --dhparams option.  But it sure makes
difference.  More like 5s.

Where is the default location for the file?  Installer puts it in
/etc/keys/mandos/dhparams.pem ?

It's got 600 permissions and owned by root.

But, on my desktop (amd64) it segfaults when dh-params option given:

Mandos plugin mandos-client: Unlinking "/tmp/mandosw2gt4j/S.gpg-agent"
Mandos plugin mandos-client: Unlinking "/tmp/mandosw2gt4j/private-keys-v1.d"
Mandos plugin mandos-client: Unlinking
"private-keys-v1.d/13DBD26E0DC10CE96543319E414937C7EEC55184.key"
Mandos plugin mandos-client: Unlinking
"private-keys-v1.d/CBCE568BDECE4A0147CA114196184F834909A49E.key"
Mandos plugin mandos-client: Unlinking "/tmp/mandosw2gt4j/pubring.kbx"
Mandos plugin mandos-client: Unlinking "/tmp/mandosw2gt4j/pubring.kbx~"
Mandos plugin mandos-client: Unlinking "/tmp/mandosw2gt4j/trustdb.gpg"
Floating point exception

That's with the original dhparams.pem and the one I generated today.I

>> there's some other significant difference. I've only seen these
>> problems on Stretch. Jessie worked OK.
> 
> We use jessie here.

Try using Stretch ;-)

I'll debug initramfs if I have to but if I can avoid it ...

As always thanks for your help

Dick

-- 
Dick Middleton
dick at lingbrae.com

More information about the Mandos-Dev mailing list