pinentry

auto15963931 at hushmail.com auto15963931 at hushmail.com
Wed Apr 4 21:03:26 CEST 2012


I use gpg on Windows OS. On the command line when I use this 
command:

gpg -d filename.asc

a pinentry window pops up requesting my passphrase. If it happens 
that the message was encrypted with the option --throw-keyids, then 
the pinentry window, not knowing which key was used, starts with 
one of my keys arbitrarily and requests the passphrase for it. I 
have two questions about this procedure.  First, if I know which 
key was used and I want to select it, I can click the "Cancel" 
button at the time I see the arbitrary key dialogue window, and 
then the program will select another key, again apparently 
arbitrarily, and so on in succession, until it gets to the one I 
want, at which time I can enter the correct passphrase and get the 
decrypted result.  However, much of the time I find that using this 
procedure does not cause the pinentry dialogue to move from one key 
to another but instead causes the dialogue window to close after 
either the first or second clicking on the cancel button instead of 
continuing on down through the complete list of keys I have 
available. It just fails to decrypt.  This failure occurs mostly 
when I first try to use the procedure, but then it starts working 
properly after a few tries even though I do exactly the same steps 
each time.  Why does it fail initially?  Is this a known issue?  

I have noticed a number of instances of failures during batch 
decryption too, even though the pinentry dialogue does not arise of 
course. These failures result in the "--status-file" indicating 
that the decryption failed although in fact I can find the 
decrypted message present. 

Secondly, what is the correct way to handle this sort of procedure 
under these circumstances so that indeed all the keys would be 
tried each time?  My initial thought is to include the option "--
try-all-secrets" in order to prevent the failure and premature 
closing of the decryption attempts during batch processes. Thanks.




More information about the Gnupg-users mailing list