Failed to export secret key

Alexander Leidinger Alexander at Leidinger.net
Mon Sep 4 19:45:11 CEST 2023


Hi,

gpg 2.4.3 complains about not being able to export my key. The issue is 
it can not query the secring password from my ssh session. How to debug 
this further?

This is what I have:
---snip---
% LANG=C gpg --export-secret-key -a -o netchild_sec.pgp 8F31830F9F2772BF
gpg: Warning: using insecure memory!
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key 
from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported


% LANG=C gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/netchild/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
         CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

  % LANG=C gpg --list-secret-key 8F31830F9F2772BF
gpg: Warning: using insecure memory!
sec   rsa4096 2016-08-16 [SC] [expires: 2024-02-08]
       034055A31F550AD032E2F6D78F31830F9F2772BF
uid           [ultimate] Alexander Leidinger <Alexander at Leidinger.net>
uid           [ultimate] Alexander Leidinger <netchild at FreeBSD.org>
uid           [ultimate] [jpeg image of size 9696]
ssb   rsa4096 2018-10-07 [E] [expires: 2024-02-08]
ssb   rsa4096 2018-10-07 [S] [expires: 2024-02-08]
ssb   rsa4096 2018-10-07 [S] [expires: 2024-02-08]

% cat .gnupg/gpg-agent.conf
#pinentry-program /usr/local/bin/pinentry-tty
log-file /tmp/gpgagent.log
disable-scdaemon

% cat .gnupg/options | grep -v "^#"

no-greeting

default-key 0x8F31830F9F2772BF

escape-from-lines

charset utf-8

lock-once

keyserver hkp://keys.openpgp.org

ask-cert-level
default-cert-level 2
import-options import-clean-sigs import-clean-uids
export-options export-clean-sigs export-clean-uids
keyserver-options no-include-revoked import-clean-sigs import-clean-uids 
export-clean-sigs export-clean-uids

fixed-list-mode
keyid-format 0xlong
with-fingerprint
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES 
CAST5 BZIP2 ZLIB ZIP Uncompressed
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr at notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512

% cat /tmp/gpgagent.log
2023-09-04 19:23:46 gpg-agent[88711] gpg-agent (GnuPG) 2.4.3 started
2023-09-04 19:24:14 gpg-agent[88711] failed to unprotect the secret key: 
Verarbeitung wurde abgebrochen
2023-09-04 19:24:14 gpg-agent[88711] command 'EXPORT_KEY' failed: 
Verarbeitung wurde abgebrochen <Pinentry>
2023-09-04 19:24:43 gpg-agent[88711] failed to unprotect the secret key: 
Verarbeitung wurde abgebrochen
2023-09-04 19:24:43 gpg-agent[88711] command 'EXPORT_KEY' failed: 
Verarbeitung wurde abgebrochen <Pinentry>

  % ll /usr/local/bin/pinentry*
lrwxr-xr-x  1 root wheel   12B 31 Aug. 08:20 /usr/local/bin/pinentry@ -> 
pinentry-tty
-r-xr-xr-x  1 root wheel   71K  1 Sep. 00:13 
/usr/local/bin/pinentry-curses*
-r-xr-xr-x  1 root wheel   61K 31 Aug. 03:00 
/usr/local/bin/pinentry-tty*

% tty
/dev/pts/2

  % echo $GPG_TTY
/dev/pts/2
---snip---

If I specify --pinentry-mode loopback it works. Shouldn't this also work 
without this option? If yes, what's wrong or how to debug this further?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230904/da7b3671/attachment.sig>


More information about the Gnupg-users mailing list