Unable to sign or decrypt with card
Philip Jackson
philip.jackson at nordnet.fr
Mon Sep 11 18:57:16 CEST 2017
On 10/09/17 16:52, Werner Koch wrote:
> On Sat, 9 Sep 2017 14:54, philip.jackson at nordnet.fr said:
>
>> Suggestions as to how to check and correct this situation would be
>> appreciated.
>
> Newer versions of gpg should print a better error message; at least with
> -v. I guess that your pinentry is not installed or can't be used.
I don't think the pinentry is a problem. When I launch the command to
decrypt a document, the pinentry dialog box opens, I enter the pin and
click ok and the operation promptly fails.
> Do you have the option "pinentry-program" in your gpg-agent.conf ? Then
> check that it is really there.
I looked in gpg-agent.conf and found that I had commented out the
pinentry-program line back around March 2015 when I was trying to move
from gpg 2.0.22 to 2.0.26 and I was getting two pinentry dialog boxes
when trying to decrypt emails in enigmail. Commenting out the line in
gpg-agent.conf solved this problem at the time and the file has remained
like this ever since.
However, just to check, I uncommented it (and pinentry-gtk-2 is
installed on the machine):
pinentry-program /usr/bin/pinentry-gtk-2
and tried again to decrypt the document. The only difference was that
this time the pinentry dialog box carried the name of 'pinentry-gtk-2'
instead of being anonymous. But the operation failed just the same.
>
> Is the environment variable GPG_TTY set as described in the manual?
GPG_TTY=/dev/pts/6
Which doesn't mean much to me, I'm afraid.
> Do you get a prompt when calling "pinentry"? If so, does it show up a
> window after entering "getpin"?
Yes, pinentry gives 'OK Pleased to meet you' and a prompt. Then entering
getpin produces the pinentry box in which I enter the pin and the next
line is
D zzzzzz (where zzzzzz is the pin I entered) followed by
OK
>
> More information about gpg-agent and pinentry interaction can be seen by
> putting
>
> --8<---------------cut here---------------start------------->8---
> log-file /somewhere/gpg-agent.log
> verbose
> debug ipc
> debug-pinentry
> --8<---------------cut here---------------end--------------->8---
>
> into gpg-agent.conf and restarting gpg-agent ("pkill gpg-agent" or
> "gpgconf --kill gpg-agent").
OK, I added this to gpg-agent.conf and I now have a log file of a single
attempt to decrypt a sample file with command:
gpg2 -v -o encrypt-decrypt -d encrypt_test.gpg
This produced the pinentry dialog into which I put my pin and the
operation promptly failed with this on the screen:
# off=0 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 79D467BFF5DF6C91
data: [2048 bits]
gpg: public key is 0x79D467BFF5DF6C91
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key
0x26BD500A23543A63
# off=271 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key
0x26BD500A23543A63
gpg: encrypted with 2048-bit RSA key, ID 0x79D467BFF5DF6C91, created
2014-10-28
"Philip Jackson (Jan 2013 +) <philip.jackson at nordnet.fr>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key
I have the log file which I attach.
It shows a number of reports of the same error (lines 89,91,97,99,101)
ERR 83886254 Unknown option <PINentry>, before it asks me for the pin
(line 111). It says 'confidential data not shown' three times but I only
entered the pin once.
Can you determine anything from this?
Regards,
Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg-agent-failed-decrypt.log
Type: text/x-log
Size: 10382 bytes
Desc: not available
URL: </pipermail/attachments/20170911/fd7b7d30/attachment.bin>
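
Added example, not part of the original message or of GnuPG: the number in an Assuan "ERR 83886254 Unknown option <PINentry>" line is a libgpg-error value that packs the reporting component and the error code into one integer, and this sketch decodes it and tallies the ERR lines in an agent log. The sample log lines are constructed for illustration (the attached log is not on this page), and the lookup tables are partial, with descriptive labels chosen here.

```python
import re
from collections import Counter

# libgpg-error layout: bits 0-15 = error code, bits 24-30 = error source.
CODE_MASK, SOURCE_SHIFT, SOURCE_MASK = 0xFFFF, 24, 0x7F

# Partial tables, enough for the errors quoted in this thread.
SOURCES = {4: "gpg-agent", 5: "pinentry", 6: "scdaemon"}
CODES = {17: "No secret key", 99: "Operation cancelled", 174: "Unknown option"}

ERR_LINE = re.compile(r"\bERR (\d+)\b")

# Constructed sample; the line prefix format is an assumption.
SAMPLE_LOG = """\
gpg-agent[4242] DBG: chan_9 <- ERR 83886254 Unknown option <PINentry>
gpg-agent[4242] DBG: chan_9 <- ERR 83886254 Unknown option <PINentry>
gpg-agent[4242] DBG: chan_9 <- OK
gpg-agent[4242] DBG: chan_9 <- ERR 83886179 Operation cancelled <PINentry>
"""

def decode(value):
    """Split a libgpg-error value into (source id, code id)."""
    return (value >> SOURCE_SHIFT) & SOURCE_MASK, value & CODE_MASK

def describe(value):
    """Render a value as 'source: code', falling back to raw numbers."""
    source, code = decode(value)
    return "{}: {}".format(SOURCES.get(source, "source %d" % source),
                           CODES.get(code, "code %d" % code))

def summarize(log_text):
    """Count each distinct decoded error found in ERR lines of a log."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ERR_LINE.search(line)
        if match:
            counts[describe(int(match.group(1)))] += 1
    return counts

if __name__ == "__main__":
    for error, count in summarize(SAMPLE_LOG).items():
        print(count, error)
```

Where libgpg-error is installed, its `gpg-error` command-line tool gives the same breakdown for a single value.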