Description of problem:
When configuring "compliance de-vs" in gpg.conf, the GnuPG operation fails with "gpg: RNG is nicht konform mit dem --compliance=de-vs Modus" - the RNG is not conformant with the de-vs mode. If I see that correctly, the Jitter RNG is not enabled.

Version-Release number of selected component (if applicable):
gnupg2-2.3.3-1.fc35.x86_64

How reproducible:
always

Steps to Reproduce:
1. configure mentioned mode
2. encrypt data
3. observe error

Thank you for the report. This is the same result I get for the current master version of libgcrypt, which I am working on for the FIPS certification after upstreaming all of our patches, so I assume this will also be an issue with the upstream libgcrypt.

But looking through the code, it looks like libgcrypt 1.9.0 and newer was not validated with de-vs, so it cannot be used in this compliance mode, according to the code comments:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=common/compliance.c;h=33a19fe06be2227239c2c5f4215b9de5889cff9d;hb=refs/heads/master#l590

The libgcrypt source comments confirm this -- no certificate for the 1.9.0 version yet, so this compliance cannot be claimed:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=src/global.c;h=58873372cabccf1fe49feb43b62370483d3b43ac;hb=HEAD#l410

But I agree that the error message should be more descriptive. I filed the following upstream issue:

https://dev.gnupg.org/T5726

Given the upstream does not consider this a bug, closing this one too, as this is not a compliance mode we would support in Fedora. If you see a space for improvement, please follow up in the upstream bug.