Using loopback pin entry with GnuPG 2.1

Vinay Sajip vinay_sajip at yahoo.co.uk
Fri Nov 4 23:42:25 CET 2016


Dear Werner,

> I am sorry, but I do not have enough information what you are doing.  If
> you need help, please describe exactly what you are doing (including the
> version of the software and the OS).  You might have given that in
> another mail, but I can't remember.

I am running on Ubuntu 16.04.1 (x86_64) with gpg 1.4.20 and gpg 2.1.11 installed using the distro package manager.

My ~/.gnupg/gpg-agent.conf is:

allow-loopback-pinentry
log-file socket:///tmp/S.my-gnupg-log
verbose
debug ipc

Just after reboot, there is only one agent running:


$ ps -ef | grep gpg-agen[t]
vinay     1836  1710  0 22:11 ?        00:00:00 gpg-agent --homedir /home/vinay/.gnupg --use-standard-socket --daemon

and watchgnupg connects to it:


$ watchgnupg --time-only --force /tmp/S.my-gnupg-log
[client at fd 4 connected (local)]
4 - 22:13:12 gpg-agent[1836]: handler 0x7efca342e700 for fd 5 started
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 -> OK Pleased to meet you, process 1836
4 - 22:13:12 gpg-agent[1836]: DBG: chan_4 <- OK Pleased to meet you, process 1836
4 - 22:13:12 gpg-agent[1836]: DBG: chan_4 -> GETINFO pid
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 <- GETINFO pid
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 -> D 1836
4 - 22:13:12 gpg-agent[1836]: DBG: chan_4 <- D 1836
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 -> OK
4 - 22:13:12 gpg-agent[1836]: DBG: chan_4 <- OK
4 - 22:13:12 gpg-agent[1836]: DBG: chan_4 -> BYE
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 <- BYE
4 - 22:13:12 gpg-agent[1836]: DBG: chan_5 -> OK closing connection
4 - 22:13:12 gpg-agent[1836]: handler 0x7efca342e700 for fd 5 terminated


Then I run a single test, which fails. After it, there are two agents:

$ ps -ef | grep gpg-agen[t]
vinay     1836  1710  0 22:11 ?        00:00:00 gpg-agent --homedir /home/vinay/.gnupg --use-standard-socket --daemon
vinay     2373  1710 48 22:12 ?        00:00:03 gpg-agent --homedir /home/vinay/projects/python-gnupg/keys --use-standard-socket --daemon


I have placed a copy of ~/.gnupg/gpg-agent.conf in /home/vinay/projects/python-gnupg/keys/gpg-agent.conf.

However, the watchgnupg output shows no reference to PID 2373, only the once-a-minute check with PID 1836.

The test creates two keys and encrypts and decrypts some data, and verifies that the decryption result matches what was encrypted. The test fails at the decryption stage; the relevant excerpt from the test log is as follows:

MainThread gpg2 --pinentry-mode loopback --status-fd 2 --no-tty --debug ipc --homedir /home/vinay/projects/python-gnupg/keys --batch --passphrase-fd 0 --debug-quick-random --decrypt
MainThread Wrote passphrase
MainThread data copier: <Thread(Thread-12, initial daemon)>, <_io.BytesIO object at 0x7f8d51b40410>, <open file '<fdopen>', mode 'wb' at 0x7f8d5207c9c0>
MainThread stderr reader: <Thread(Thread-13, initial daemon)>
Thread-12  closed output, 896 bytes sent
MainThread stdout reader: <Thread(Thread-14, initial daemon)>
Thread-13  gpg: Note: no default option file '/home/vinay/projects/python-gnupg/keys/gpg.conf'
Thread-13  gpg: enabled debug flags: ipc
Thread-13  [GNUPG:] ENC_TO 195194AD659FA047 16 0
Thread-13  gpg: DBG: chan_5 <- OK Pleased to meet you, process 2384
Thread-13  gpg: DBG: connection to agent established
Thread-13  gpg: DBG: chan_5 -> RESET
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION ttytype=xterm-256color
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION display=:0
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION xauthority=/home/vinay/.Xauthority
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION putenv=XMODIFIERS=@im=ibus
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION putenv=GTK_IM_MODULE=ibus
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-qFEK77X1S3
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION putenv=QT_IM_MODULE=ibus
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> GETINFO version
Thread-13  gpg: DBG: chan_5 <- D 2.1.11
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
Thread-13  gpg: DBG: chan_5 <- OK
Thread-13  gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
Thread-13  gpg: DBG: chan_5 <- ERR 67108924 Not supported <GPG Agent>
Thread-13  gpg: setting pinentry mode 'loopback' failed: Not supported
Thread-13  [GNUPG:] ERROR set_pinentry_mode 67108924
Thread-13  gpg: DBG: chan_5 -> AGENT_ID
Thread-13  gpg: DBG: chan_5 <- ERR 67109139 Unknown IPC command <GPG Agent>
Thread-13  gpg: encrypted with 2048-bit ELG key, ID 659FA047, created 2016-11-04
Thread-13        "Barbara Brown (A test user (insecure!)) <barbara.brown at beta.com>"
Thread-13  [GNUPG:] NO_SECKEY 195194AD659FA047
Thread-13  [GNUPG:] BEGIN_DECRYPTION
Thread-13  [GNUPG:] DECRYPTION_FAILED
Thread-13  gpg: decryption failed: No secret key
Thread-13  [GNUPG:] END_DECRYPTION


In the above: the MainThread invokes gpg2 and writes the passphrase, Thread-12 writes the data to be decrypted to gpg2's stdin, and Thread-13 reads gpg2's stderr.

Does the above shed any additional light on what's going on? The identical test code works fine with gpg 1.4.20.

Regards,

Vinay Sajip
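
Added example, not part of the original message and not python-gnupg code: a small parser that pairs each Assuan ERR reply in the debug log above with the command that triggered it and splits the numeric value into libgpg-error's source and code fields ((source << 24) | code). The function names decode, rejected_commands and loopback_refused are hypothetical; the sample lines are copied from the test log in the message, with the thread prefix dropped.

```python
import re

# libgpg-error packs a gpg_error_t as (source << 24) | code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF
# Only the values that occur in this log; names are from libgpg-error.
SOURCES = {4: "GPG_ERR_SOURCE_GPGAGENT"}
CODES = {60: "GPG_ERR_NOT_SUPPORTED", 275: "GPG_ERR_ASS_UNKNOWN_CMD"}

# Lines quoted from the test log in the message above (thread prefix dropped).
SAMPLE_LOG = """\
gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_5 <- ERR 67108924 Not supported <GPG Agent>
gpg: setting pinentry mode 'loopback' failed: Not supported
[GNUPG:] ERROR set_pinentry_mode 67108924
gpg: DBG: chan_5 -> AGENT_ID
gpg: DBG: chan_5 <- ERR 67109139 Unknown IPC command <GPG Agent>
"""

SENT = re.compile(r"DBG: chan_\d+ -> (.+)")
ERR = re.compile(r"DBG: chan_\d+ <- ERR (\d+)")


def decode(value):
    """Split a numeric gpg error into (source name, code name)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return (SOURCES.get(source, "source %d" % source),
            CODES.get(code, "code %d" % code))


def rejected_commands(log):
    """Pair each Assuan ERR reply with the command the client sent before it."""
    last_sent, found = None, []
    for line in log.splitlines():
        sent = SENT.search(line)
        if sent:
            last_sent = sent.group(1)
            continue
        err = ERR.search(line)
        if err:
            found.append((last_sent,) + decode(int(err.group(1))))
    return found


def loopback_refused(log):
    """True when the agent answered OPTION pinentry-mode=loopback with ERR."""
    return any(cmd == "OPTION pinentry-mode=loopback"
               for cmd, _, _ in rejected_commands(log))
```

Calling rejected_commands(SAMPLE_LOG) yields one entry per refused command, so a test harness can fail early with the decoded reason instead of the later "No secret key" message.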


