Non-interactive PIN not accepted, gpg hangs

Laurent Blume laurent at elanor.org
Tue Sep 29 21:00:18 CEST 2015


Hello all,

I'm trying to set up automatic file decryption using a smartcard to store
the private key.

Interactively, it all works fine, I get the PIN request, enter it,
decryption works, all good.

Non-interactively, however, I can't get it to work: gpg-agent always
spawns a pinentry in the background, and gpg waits for it indefinitely,
instead of using the PIN provided on the command line.


Here's a short example:

# eval $(gpg-agent --daemon)

# echo 123456 | gpg --batch --passphrase-fd 0 --quiet --decrypt file.gpg

^C
gpg: signal Interrupt caught ... exiting

# ps -edf | grep pinentry
root     26216 26035  0 11:33 ?        00:00:00 /usr/bin/pinentry-curses

Running gpg-agent with --debug-level guru shows it starts scdaemon,
finds the card, decides it needs the PIN and asks for it.

If the PIN is entered once interactively, then the command above
succeeds, because the card is unlocked (i.e. the command-line PIN is still
ignored).

It's on RHEL6 using the system's 2.0.14 version, and a Nitrokey Pro card.

Thanks in advance for any help,

Laurent


