pinentry problems

Paul H. Hentze paul.hentze at posteo.de
Tue Apr 17 10:52:24 CEST 2018



On 17.04.2018 00:49, Daniel Kahn Gillmor wrote:
> On Tue 2018-04-17 00:04:11 +0200, Paul H. Hentze wrote:
>>> gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'
>>
>> So I fixed that with
>>
>>> chown -R "$USER:$(id -gn)" ~/.gnupg
>>> chmod 700 ~/.gnupg
>>> chmod 600 ~/.gnupg/*
>>
>> from here: https://superuser.com/a/954639
> 
> this doesn't look right to me.
> 
> in particular, it's going to remove the "execute/traverse" permission on
> ~/.gnupg/private-keys-v1.d/, which means that gpg-agent isn't going to
> be able to get a list of all available secret keys.
> 
> Probably, you want to do the following (as your normal user account):
> 
>     find ~/.gnupg -type d -exec chown 0700 '{}' ';'
>     find ~/.gnupg -type f -exec chown 0600 '{}' ';'
> 
> if you do that, then you should be able to see some files whose names
> end in ".key" in ~/.gnupg/private-keys-v1.d/, like so:
> 
>     ls -l ~/.gnupg/private-keys-v1.d/*.key
> 
> if that's the case, then i recommend you ask your running gpg-agent to
> shut down because it's probably confused:
> 
>    gpgconf --kill gpg-agent
> 
> a new gpg-agent should start up again afterward as soon as you need it.
> you can also try to see which secret keys are available like this:
> 
>    gpg --with-keygrip --list-secret-keys
> 
> You should see that the keygrips listed match the files found in the
> "ls" output above.
> 
> If that doesn't work for you, please report back and we'll try to debug
> further :)
> 
>         --dkg
> 

Actually those commands
>     find ~/.gnupg -type d -exec chown 0700 '{}' ';'
>     find ~/.gnupg -type f -exec chown 0600 '{}' ';'

didn't work.
The terminal responded: "chown: The owner of data XXX is going to be
changed. This is not allowed." and it did that with every file in that
folder.

The rest of the commands are fine and I see the secret keys and the
matching keygrips.

Paul
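
The following is an added example, not part of either message: a shell sketch that applies the per-type modes discussed in the thread (0700 on directories, 0600 on regular files) and then audits the result. It uses chmod, since 0700 and 0600 are modes and chown takes an owner. The function names are hypothetical, and the default path assumes the standard ~/.gnupg home directory.

```shell
#!/bin/sh
# Added example. fix_gnupg_perms and audit_gnupg_perms are hypothetical names.

# Directories get 0700 (the owner keeps the traverse bit that
# private-keys-v1.d needs), regular files get 0600.
# '-exec ... ;' runs chmod on each directory as it is visited.
fix_gnupg_perms() {
    home=${1:-"$HOME/.gnupg"}
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    find "$home" -type d -exec chmod 0700 '{}' ';'
    find "$home" -type f -exec chmod 0600 '{}' ';'
}

# List every directory whose mode is not exactly 0700 and every regular file
# whose mode is not exactly 0600. Returns 0 if the tree is clean, 1 otherwise.
audit_gnupg_perms() {
    home=${1:-"$HOME/.gnupg"}
    bad=$(find "$home" \( -type d ! -perm 0700 \) -o \
                       \( -type f ! -perm 0600 \) 2>/dev/null || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Calling `fix_gnupg_perms && audit_gnupg_perms` as the normal user covers the default home directory; a path argument selects another one.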


