Bad passphrase with gpg 2.1 - works fine with gpg 1.4

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Apr 27 07:37:56 CEST 2017


Hi Fredrik--

On Wed 2017-04-19 15:49:20 +0200, Fredrik Jonson wrote:

> After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More
> precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as
> gpg1 does accept that very same passphrase. What am I doing wrong?

gpg 1.4.x and 2.1.x use different secret keyrings.

the first time that 2.1.x runs, it tries to import secret key material
from the 1.4.x keyring, but it's possible that this happened before the
previous key generation.

You can encourage 2.1.x to try that migration again with:

    rm ~/.gnupg/.gpg-v21-migrated
    gpg2 --list-secret-keys

> In an attempt to narrow the scope of possible causes, I've tried to
> instruct gpg2 to not use-agent, but failed.

modern GnuPG (v2.1) is designed to only use the agent.  on this branch,
gpg itself never handles secret key material at all.

> Gpg2 still prompts me using a GUI dialog, rather than interactively in
> the terminal. Can I, from the command line, tell gpg2 not to use agent
> and always prompt me for the passphrase in the terminal rather than
> via Gnome or gpg-agent?

I'm not sure that this is related to your other question.  but if you
really prefer to only be prompted in the terminal, you can change the
version of pinentry that you have installed to pinentry-curses or
pinentry-tty.  If you're using this from a graphical environment though,
i do not recommend making this change.  Stick with the graphical
passphrase prompt!

> Is gpg2 in general compatible with gpg1? Can I use gpg2 while some of my
> recipients keep using gpg1? Or is that a bad idea for some reason?

you can use gpg 2.1.x while your correspondents use gpg 1.4.x.  but
trying to use 2.1.x yourself while also using 1.4.x (the "co-installed
case") doesn't work very well in my experience, since there are
different secret keyrings, and in practice there can be different public
keyrings as well (2.1.x prefers ~/.gnupg/pubring.kbx, but 1.4.x only
knows about ~/.gnupg/pubring.gpg).

      --dkg



More information about the Gnupg-users mailing list