gpgsm issuing two concurrent passphrase requests fails

Alfred Ganz alfred-ganz+gpg at agci.com
Wed Jul 9 01:16:25 CEST 2014


Ladies and Gentlemen,

I have encountered a problem with gpgsm/gpg-agent in the case where
gpgsm needs to open two connections with gpg-agent because it needs both 
the passphrase for an imported certificate and a passphrase for access 
to gpg. From the gpg-agent debug output it looks to me like the first 
connection is properly prepared but then the first passphrase request for 
the certificate is issued on the second connection which has not been 
properly set up and pinentry hangs.

I have done a fair amount of googling, but have not found any resolution
for the problem, although I found at least one very similar report. Yes, 
GPG_TTY is properly set, and a gpg -s after proper cleanup of the hung 
pinentry worked as expected. I have reset gpg-agent.conf and gpgsm.conf
and replaced /usr/bin/pinentry with a softlink to pinentry-curses and
repeated my tests with the same results.

My system: CentOS 6, 2.6.32-431.11.2.el6.i686
gpgsm:     gpgsm (GnuPG) 2.0.14
           libgcrypt 1.4.5
           libksba 1.0.7
gpg-agent: gpg-agent (GnuPG) 2.0.14
           libgcrypt 1.4.5
gpg:       gpg (GnuPG) 2.0.14
           libgcrypt 1.4.5

I have gone back and successfully done the above under an older system
with gnupg-1.4.5-14.el5_5.1 and gnupg2-2.0.10-3.el5_5.1.

I assume that I am not the first one to encounter this problem, and that
it has been fixed in the meantime. Could you please tell me what I need
to upgrade in order to have this fixed.

I am adding an attachment with the commands used and the debug output
from gpg-agent. If I can help with anything else please let me know.

Thanks for your work on these packages and your help, AG

-- 
 ----------------------------------------------------------------------
   Alfred Ganz					alfred-ganz:at:agci.com
   AG Consulting				(203) 624-9667
   440 Prospect Street # 11
   New Haven, CT 06511
 ----------------------------------------------------------------------
-------------- next part --------------

Preparing the certificate:
  openssl req -new -x509 -key <ssh-key-file> -out ssh-cert.pem
  openssl pkcs12 -export -in ssh-cert.pem -inkey <ssh-key-file> -out ssh-key.p12

Starting gpg-agent (note gpg-agent.conf is empty and pinentry is a soft link
to pinentry-curses and GPG_TTY is set):
  gpg-agent --csh --no-detach --debug-level basic --daemon > ~/.gpg-agent-info
  source ~/.gpg-agent-info

After cleaning up the hung pinentry this worked just fine (see at the end):
  gpg -s <whatever>

gpg-agent[24825]: DBG: connection to PIN entry established
gpg-agent[24825]: handler 0x87feb58 for fd 6 started
gpg-agent[24825.6] DBG: -> OK Pleased to meet you
gpg-agent[24825.6] DBG: <- RESET
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION ttyname=/dev/pts/6
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION ttytype=xterm
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION display=:0.0
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION xauthority=/home/ganz/.Xauthority
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION lc-ctype=en_US.ISO-8859-1
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION lc-messages=en_US.ISO-8859-1
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION allow-pinentry-notify
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- NOP
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825]: handler 0x8800310 for fd 7 started
gpg-agent[24825.7] DBG: -> OK Pleased to meet you
gpg-agent[24825.7] DBG: <- RESET
gpg-agent[24825.7] DBG: -> OK
gpg-agent[24825.7] DBG: <- OPTION allow-pinentry-notify
gpg-agent[24825.7] DBG: -> OK
gpg-agent[24825.7] DBG: <- GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg-agent[24825.7] DBG: -> OK
gpg-agent[24825.7] DBG: <- GET_PASSPHRASE --data --repeat=0 -- X X Passphrase: Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object.
gpg-agent[24825]: starting a new PIN Entry
gpg-agent[24825]: DBG: connection to PIN entry established
gpg-agent[24825.7] DBG: -> INQUIRE PINENTRY_LAUNCHED 24949
gpg-agent[24825.7] DBG: <- END
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
gpg-agent[24825.6] DBG: <- [EOF]
gpg-agent[24825]: handler 0x87feb58 for fd 6 terminated
gpg-agent[24825]: command get_passphrase failed: Incomplete line passed to IPC
gpg-agent[24825.7] DBG: -> ERR 67109126 Incomplete line passed to IPC <GPG Agent>
gpg-agent[24825]: Assuan processing failed: IPC write error
gpg-agent[24825]: handler 0x8800310 for fd 7 terminated
gpg-agent[24825]: handler 0x8801a48 for fd 6 started
gpg-agent[24825.6] DBG: -> OK Pleased to meet you
gpg-agent[24825.6] DBG: <- RESET
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION ttyname=/dev/pts/6
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION ttytype=xterm
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION display=:0.0
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION xauthority=/home/ganz/.Xauthority
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION lc-ctype=en_US.ISO-8859-1
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION lc-messages=en_US.ISO-8859-1
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- OPTION allow-pinentry-notify
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg-agent[24825.6] DBG: -> OK
gpg-agent[24825.6] DBG: <- GET_PASSPHRASE --data --repeat=0 -- 8033F52E5FDA06CF43C12663C5272A68A69E4A86 X X Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+OpenPGP+certificate:%0A%22Alfred+Ganz+(My+Primary+Key+Pair)+<alfred-ganz at agci.com>%22%0A1024-bit+DSA+key,+ID+A69E4A86,%0Acreated+2004-04-14.%0A
gpg-agent[24825]: starting a new PIN Entry
gpg-agent[24825]: DBG: connection to PIN entry established
gpg-agent[24825.6] DBG: -> INQUIRE PINENTRY_LAUNCHED 24981
gpg-agent[24825.6] DBG: <- END
gpg-agent[24825.6] DBG: -> [Confidential data not shown]
gpg-agent[24825.6] DBG: -> [Confidential data not shown]
gpg-agent[24825.6] DBG: <- [EOF]
gpg-agent[24825]: handler 0x8801a48 for fd 6 terminated
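
The comparison the report makes by eye on the debug output, as an added example (not part of the original message or of GnuPG): it groups client commands by handler and flags any connection that sent GET_PASSPHRASE before sending the tty options. Treating `ttyname` and `ttytype` as the required options is an assumption of this example; the sample log is a shortened excerpt of the attachment above with the request arguments replaced by placeholders.

```python
import re

# Shortened excerpt of the attachment's gpg-agent debug output (arguments trimmed).
SAMPLE_LOG = """\
gpg-agent[24825]: handler 0x87feb58 for fd 6 started
gpg-agent[24825.6] DBG: <- OPTION ttyname=/dev/pts/6
gpg-agent[24825.6] DBG: <- OPTION ttytype=xterm
gpg-agent[24825]: handler 0x8800310 for fd 7 started
gpg-agent[24825.7] DBG: <- OPTION allow-pinentry-notify
gpg-agent[24825.7] DBG: <- GET_PASSPHRASE --data --repeat=0 -- X X Passphrase: prompt
gpg-agent[24825]: handler 0x87feb58 for fd 6 terminated
gpg-agent[24825]: handler 0x8800310 for fd 7 terminated
gpg-agent[24825]: handler 0x8801a48 for fd 6 started
gpg-agent[24825.6] DBG: <- OPTION ttyname=/dev/pts/6
gpg-agent[24825.6] DBG: <- OPTION ttytype=xterm
gpg-agent[24825.6] DBG: <- GET_PASSPHRASE --data --repeat=0 -- KEYGRIP X X prompt
gpg-agent[24825]: handler 0x8801a48 for fd 6 terminated
"""

HANDLER = re.compile(r"handler (0x[0-9a-f]+) for fd (\d+) (started|terminated)")
CLIENT = re.compile(r"gpg-agent\[\d+\.(\d+)\] DBG: <- (\S+)(?: (.*))?")
REQUIRED = ("ttyname", "ttytype")  # assumption of this example, not a GnuPG rule

def parse_sessions(log):
    """Group client commands by handler; fds are reused, so key on start/terminate.

    For each GET_PASSPHRASE, record which REQUIRED options were still unset."""
    sessions, live = [], {}
    for line in log.splitlines():
        m = HANDLER.search(line)
        if m:
            fd = int(m.group(2))
            if m.group(3) == "started":
                live[fd] = {"handler": m.group(1), "fd": fd, "options": set(), "requests": []}
                sessions.append(live[fd])
            else:
                live.pop(fd, None)
            continue
        m = CLIENT.match(line)
        if m and int(m.group(1)) in live:
            s, cmd, arg = live[int(m.group(1))], m.group(2), m.group(3) or ""
            if cmd == "OPTION":
                s["options"].add(arg.split("=", 1)[0])
            elif cmd == "GET_PASSPHRASE":
                s["requests"].append([o for o in REQUIRED if o not in s["options"]])
    return sessions

def passphrase_without_tty(sessions):
    """Return (handler, fd, missing options) for each request lacking tty setup."""
    return [(s["handler"], s["fd"], missing)
            for s in sessions for missing in s["requests"] if missing]
```

On the sample, only the handler on fd 7 is reported; the later handler that reuses fd 6 set both options before its request.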


