Pinentry UI bug

Titus von der Malsburg malsburg at
Tue Jul 5 23:57:48 CEST 2016

I encrypted a file using symmetric encryption (gpg2 -c file.txt).  Then
I tried to decrypt it (in Emacs) which opened a pinentry window.  I
accidentally clicked on the check mark labeled “save in password
manager” and clicked “Ok” without having entered the password.  Opening
the file obviously failed, but when I tried to open the file again, GPG
apparently reused the empty password and didn’t give me the chance to
enter the correct password.  The error message was:

gpg: AES encrypted data
gpg: gcry_kdf_derive failed: Invalid data
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

Now I’m stuck with an encrypted file that I can’t decrypt although I
have the password.

Question: How can I remove the incorrect password and restore the
password prompt?

I already tried a couple of things:

- Kill gpg-agent.
- Kill gnome-keyring-daemon.
- Remove the stored key using Seahorse (failed because the key wasn’t
  listed in Seahorse).
- Reboot the machine.

None of it helped.

Feature requests / bug reports:

- Pinentry shouldn’t store the password when it’s wrong.
- When decryption with a stored key fails, gpg should prompt the user
  for the correct password.
- It should be transparent to the user where keys are stored.  Specifically, the
  label in the pinentry window should be more informative, e.g.: “Store
  password in Gnome keyring.  Use seahorse to edit or remove.”
