Pinentry UI bug

Daniel Kahn Gillmor dkg at
Wed Jul 6 05:17:09 CEST 2016

Hi Titus--

On Tue 2016-07-05 17:57:48 -0400, Titus von der Malsburg wrote:
> I encrypted a file using symmetric encryption (gpg2 -c file.txt).  Then
> I tried to decrypt it (in Emacs) which opened a pinentry window.  I
> accidentally clicked on the check mark labeled “save in password
> manager” and clicked “Ok” without having entered the password.  Opening
> the file obviously failed, but when I tried to open the file again, GPG
> apparently reused the empty password and didn’t give me the chance to
> enter the correct password.  The error message was:
> gpg: AES encrypted data
> gpg: gcry_kdf_derive failed: Invalid data
> gpg: encrypted with 1 passphrase
> gpg: decryption failed: No secret key
> Now I’m stuck with an encrypted file that I can’t decrypt although I
> have the password.
> Question: How can I remove the incorrect password and restore the
> password prompt?

pinentry most likely cached the password with your system's
SecretService using libsecret, which can be implemented in different
ways (though the common mechanism i've seen has been one implemented by
the GNOME desktop, and which is accessible via gnome-keyring).

on debian, there should be a libsecret-tools package that allows you to
query the SecretService, though i don't have enough experience with it
to help you beyond that pointer.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20160705/1e07e342/attachment.sig>

More information about the Gnupg-users mailing list