GPG passphrase entry issues


(Dan) #1

tl;dr: I’m having an issue where gpg isn’t prompting for a passphrase for my private key, and is instead just failing. It’s happening when I try to sign git commits, and when I try to edit the key itself. Interestingly, it does not happen when I try to sign RPMs. It looks like this:

[dan@familybrown.org@neth-dev ~]$ gpg --edit-key "DanB35 Signing Key"
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/2D55864B  created: 2018-06-10  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  4096R/0722210F  created: 2018-06-10  expires: never       usage: E   
[ultimate] (1). DanB35 Signing Key <dan@familybrown.org>

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "DanB35 Signing Key <dan@familybrown.org>"
4096-bit RSA key, ID 2D55864B, created 2018-06-10

gpg: problem with the agent: No pinentry
gpg: Key generation failed: Operation cancelled

gpg> 

…but it never prompts for passphrase entry.

I speculate that this related to the fact that I copied over the ~/.gnupg directory from my Mac, and as a result the pinentry program was set incorrectly. But I’ve now corrected it (I think) in ~/.gnupg/gpg-agent.conf:


###+++--- GPGConf ---+++###
default-cache-ttl 600
max-cache-ttl 6000
###+++--- GPGConf ---+++### Thu Aug  7 06:52:52 2014 EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
pinentry-program /usr/bin/pinentry

/usr/bin/pinentry exists and is executable:

[dan@familybrown.org@neth-dev .gnupg]$ file /usr/bin/pinentry
/usr/bin/pinentry: POSIX shell script, ASCII text executable

…so I’m kind of scratching my head on what could be happening here. Any thoughts?


(Dan) #2

Why is it I always find the answer after I post? The problem was that I hadn’t reloaded the agent after making the configuration changes. Running gpg-connect-agent reloadagent /bye (thanks ArchLinux wiki) solved the problem.