Pinentry UI bug
Titus von der Malsburg
malsburg at posteo.de
Tue Jul 5 23:57:48 CEST 2016
I encrypted a file using symmetric encryption (gpg2 -c file.txt). Then
I tried to decrypt it (in Emacs) which opened a pinentry window. I
accidentally clicked on the check mark labeled “save in password
manager” and clicked “Ok” without having entered the password. Opening
the file obviously failed, but when I tried to open the file again, GPG
apparently reused the empty password and didn’t give me the chance to
enter the correct password. The error message was:
gpg: AES encrypted data
gpg: gcry_kdf_derive failed: Invalid data
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
Now I’m stuck with an encrypted file that I can’t decrypt although I
have the password.
Question: How can I remove the incorrect password and restore the
I already tried a couple of things:
- Kill gpg-agent.
- Kill gnome-keyring-daemon.
- Remove the stored key using Seahorse (failed because the key wasn’t
listed in Seahorse).
- Reboot the machine.
None of it helped.
Feature requests / bug reports:
- Pinentry shouldn’t store the password when it’s wrong.
- When decryption with a stored key fails, gpg should prompt the user
for the correct password.
- It should be transparent to the user where keys are stored. Specifically, the
label in the pinentry window should be more information, e.g: “Store
password in Gnome keyring. Use seahorse to edit or remove.”
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 472 bytes
Desc: not available
More information about the Gnupg-users