Mac Pinentry problem
peter at digitalbrains.com
Wed Mar 22 13:28:02 CET 2017
On 17/03/17 22:44, Rainer Hoerbe wrote:
> I copied my key to a OpenPGP card and was able to create signatures
> and authentication via SSH using the card. Now moving the the Mac I
> am stuck with pinentry-mac, because it keeps asking me for another
I think GnuPG hasn't deleted your secret key stubs which still point to
the old smartcard with the different serial number. Unless I'm very much
mistaken, this is a shortcoming of GnuPG 2.1 currently.
The agent identifies keys by their so-called keygrip. You can see the
keygrips for your private key with:
$ gpg2 --with-keygrip -K 64C2F99E904F1906
These keygrips correspond to files in ~/.gnupg/private-keys-v1.d/. Just
bluntly remove these files, but be careful to only delete files
belonging to smartcard stubs! Double check each keygrip before deleting
them. In fact, make a backup of the directory first :-).
> gpg --delete-secret-keys 0x64C2F99E904F1906
> gpg2 --card-status
> gpg2 --clearsign /etc/hosts
Did you mean to write "gpg" there rather than "gpg2"?
You didn't indicate which version of GnuPG you're using, but your
problem sounds like a 2.1 problem to me. If you are using GnuPG 2.1, you
shouldn't mix it with GnuPG 1.4, that road leads to pain. They don't
share their private key storage, and might or might not share public key
storage depending on which version created the public key storage on the
very first invocation.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users