Don't get the pinentry for passphrase in some contexts

Damien Cassou damien at
Wed Jul 19 15:29:11 CEST 2017

Werner Koch <wk at> writes:
> "debug-pinentry" in gpg-agent.conf would give you more info.  Adding
> also "debug ipc" will show you the communication between gpg and
> gpg-agent; that is what you strace shows.  Use "log-file FILE" to set a
> log file and remember to reload gpg-agent.

I tried this configuration

    log-file /home/cassou/.gnupg/gpg-agent.log
    debug-level guru
    max-cache-ttl 0
    debug-pinentry 1
    debug 1024

The generated log files in both cases are quite similar but show the
differences below. I put _XXX_ to hide some values that are the same in
both outputs and _YYY_/_ZZZ_ when values differ.

--- firefox.log	2017-07-19 15:20:17.988440200 +0200
+++ terminal.log	2017-07-19 15:20:24.128297587 +0200
@@ -2,9 +2,9 @@
 DBG: chan_6 -> OK Pleased to meet you, process _PID_
 DBG: chan_6 <- RESET
 DBG: chan_6 -> OK
-DBG: chan_6 <- OPTION ttyname=/dev/pts/2
+DBG: chan_6 <- OPTION ttyname=/dev/pts/0
 DBG: chan_6 -> OK
-DBG: chan_6 <- OPTION ttytype=dumb
+DBG: chan_6 <- OPTION ttytype=xterm-256color
 DBG: chan_6 -> OK
 DBG: chan_6 <- OPTION display=:0
 DBG: chan_6 -> OK
@@ -16,8 +16,6 @@
 DBG: chan_6 -> OK
 DBG: chan_6 <- OPTION putenv=QT_IM_MODULE=ibus
 DBG: chan_6 -> OK
-DBG: chan_6 <- OPTION putenv=INSIDE_EMACS=25.2.1,comint
-DBG: chan_6 -> OK
 DBG: chan_6 <- OPTION lc-ctype=en_US.UTF-8
 DBG: chan_6 -> OK
 DBG: chan_6 <- OPTION lc-messages=en_US.UTF-8
@@ -46,12 +44,11 @@
 DBG: chan_6 <- PKDECRYPT
 DBG: chan_6 -> S INQUIRE_MAXLEN 4096
-DBG: chan_6 <- [ 44 ... ...(_YYY_ byte(s) skipped) ]
+DBG: chan_6 <- [ 44 ... ...(_ZZZ_ byte(s) skipped) ]
 DBG: chan_6 <- END
 DBG: keygrip: _XXX_
-DBG: cipher:  _XXX_ _YYY_ _XXX_
+DBG: cipher:  _XXX_ _ZZZ_ _XXX_
 DBG: agent_get_cache '_XXX_' (mode 2) ...
-DBG:   expired '_XXX_' (0s after creation)
 DBG: ... miss
 DBG: agent_get_cache '_XXX_' (mode 2) (stored cache key) ...
 DBG: ... miss
@@ -59,10 +56,5 @@
 DBG: connection to PIN entry established
 DBG: chan_6 <- END
-DBG: error calling pinentry: Operation cancelled <Pinentry>
-failed to unprotect the secret key: Operation cancelled
-failed to read the secret key
-command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
-DBG: chan_6 -> ERR 83886179 Operation cancelled <Pinentry>
-DBG: chan_6 <- [eof]
-handler 0x7f8e1fa24700 for fd 6 terminated
+DBG: agent_put_cache 'XXXXXX' (mode 2) requested ttl=0
+DBG: rsa_decrypt data:+XXXXX

>>     read(5, "ERR 83886179 Operation cancelled <Pinentry>\n", 1002) = 44
> The agent tells you that the Pinentry canceled the operation.  This is
> usually due to clicking the cancel button.  Some older versions of
> pinentry use cancel as a catch all error from pinentry.  Modern versions
> of gpg running with "-v" will print a line identifing the pinentry used
> and thus reveal possible problems, for example a missing GPG_TTY
> envrionment variable.

I have 2.1.13 and only got that in Firefox console:


gpg: public key is XXX
gpg: using subkey XXX instead of primary key YYY
gpg: encrypted with 4096-bit RSA key, ID XXX, created 2015-04-17
      "Damien Cassou <damien at>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

Do you have any more clue?

Damien Cassou

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill

More information about the Gnupg-users mailing list