tl;dr: I’m having an issue where gpg isn’t prompting for a passphrase for my private key, and is instead just failing. It’s happening when I try to sign git commits, and when I try to edit the key itself. Interestingly, it does not happen when I try to sign RPMs. It looks like this:
```
[email@example.com@neth-dev ~]$ gpg --edit-key "DanB35 Signing Key"
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/2D55864B  created: 2018-06-10  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  4096R/0722210F  created: 2018-06-10  expires: never       usage: E
[ultimate] (1). DanB35 Signing Key <firstname.lastname@example.org>

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "DanB35 Signing Key <email@example.com>"
4096-bit RSA key, ID 2D55864B, created 2018-06-10

gpg: problem with the agent: No pinentry
gpg: Key generation failed: Operation cancelled

gpg>
```
…but it never prompts for passphrase entry.
I speculate that this is related to the fact that I copied over the ~/.gnupg directory from my Mac, and as a result the pinentry program was set incorrectly. But I’ve now corrected it (I think) in ~/.gnupg/gpg-agent.conf:
```
###+++--- GPGConf ---+++###
default-cache-ttl 600
max-cache-ttl 6000
###+++--- GPGConf ---+++### Thu Aug 7 06:52:52 2014 EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

pinentry-program /usr/bin/pinentry
```
/usr/bin/pinentry exists and is executable:
```
[firstname.lastname@example.org@neth-dev .gnupg]$ file /usr/bin/pinentry
/usr/bin/pinentry: POSIX shell script, ASCII text executable
```
…so I’m kind of scratching my head on what could be happening here. Any thoughts?
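
The two checks made by hand in the post (the pinentry-program entry in gpg-agent.conf and the file it points to) can be scripted; this is an added example, not part of the original post, and the function names and result labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Function names are hypothetical.

# Print the pinentry-program value from a gpg-agent.conf.
# Commented-out lines are skipped; if several entries exist the last one is
# printed (an assumption made for this sketch).
pinentry_from_conf() {
    awk '$1 == "pinentry-program" && NF > 1 {
             sub(/^[ \t]*pinentry-program[ \t]+/, "")
             sub(/[ \t]+$/, "")
             v = $0
         }
         END { if (v != "") print v }' "$1"
}

# Classify the configured pinentry:
#   no-conf | unset | missing | not-executable | ok-script | ok-binary
check_pinentry() {
    [ -r "$1" ] || { echo "no-conf"; return 1; }
    prog=$(pinentry_from_conf "$1")
    [ -n "$prog" ] || { echo "unset"; return 0; }
    [ -e "$prog" ] || { echo "missing"; return 1; }
    [ -x "$prog" ] || { echo "not-executable"; return 1; }
    # A "#!" file is a wrapper script, as `file` reports in the post; the
    # pinentry it launches has to be checked separately.
    if [ "$(head -c 2 "$prog")" = "#!" ]; then
        echo "ok-script"
    else
        echo "ok-binary"
    fi
}

# Usage: sh check-pinentry.sh ~/.gnupg/gpg-agent.conf
[ $# -eq 0 ] || check_pinentry "$1"
```

A result of ok-script means the configured path is fine as far as gpg-agent.conf is concerned, so the next thing to inspect is the pinentry program the wrapper itself tries to start.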