GPG passphrase entry issues

tl;dr: I’m having an issue where gpg isn’t prompting for a passphrase for my private key, and is instead just failing. It’s happening when I try to sign git commits, and when I try to edit the key itself. Interestingly, it does not happen when I try to sign RPMs. It looks like this:

[dan@familybrown.org@neth-dev ~]$ gpg --edit-key "DanB35 Signing Key"
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/2D55864B  created: 2018-06-10  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  4096R/0722210F  created: 2018-06-10  expires: never       usage: E   
[ultimate] (1). DanB35 Signing Key <dan@familybrown.org>

gpg> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "DanB35 Signing Key <dan@familybrown.org>"
4096-bit RSA key, ID 2D55864B, created 2018-06-10

gpg: problem with the agent: No pinentry
gpg: Key generation failed: Operation cancelled

gpg> 

…but it never prompts for passphrase entry.

I speculate that this is related to the fact that I copied over the ~/.gnupg directory from my Mac, and as a result the pinentry program was set incorrectly. But I’ve now corrected it (I think) in ~/.gnupg/gpg-agent.conf:


###+++--- GPGConf ---+++###
default-cache-ttl 600
max-cache-ttl 6000
###+++--- GPGConf ---+++### Thu Aug  7 06:52:52 2014 EDT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
pinentry-program /usr/bin/pinentry

/usr/bin/pinentry exists and is executable:

[dan@familybrown.org@neth-dev .gnupg]$ file /usr/bin/pinentry
/usr/bin/pinentry: POSIX shell script, ASCII text executable

…so I’m kind of scratching my head on what could be happening here. Any thoughts?

Why is it I always find the answer after I post? The problem was that I hadn’t reloaded the agent after making the configuration changes. Running gpg-connect-agent reloadagent /bye (thanks ArchLinux wiki) solved the problem.

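An added example, not part of the original post: a POSIX shell check that every active pinentry-program entry in a gpg-agent.conf points at an executable, followed by the reload command the post ends with. The function names and the Mac-style path in the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate pinentry-program
# entries in gpg-agent.conf before reloading the running agent.

# Print the path from every active (uncommented) pinentry-program line.
pinentry_paths() {
    awk '$1 == "pinentry-program" {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); print
         }' "$1"
}

# Return 0 if every configured pinentry is an executable file, 1 otherwise.
# A config with no pinentry-program line passes: the agent then falls back
# to its built-in default.
check_pinentry() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    pinentry_paths "$1" | (
        rc=0
        while IFS= read -r path; do
            if [ -x "$path" ] && [ ! -d "$path" ]; then
                echo "ok:      $path"
            else
                echo "missing: $path"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Reload the agent only when the config checks out, so the running
# gpg-agent picks up the edited file.
reload_agent() {
    check_pinentry "$1" && gpg-connect-agent reloadagent /bye
}

# Constructed sample: a config carried over from a Mac (path is an assumption).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
default-cache-ttl 600
# pinentry-program /usr/bin/pinentry
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
EOF
check_pinentry "$demo_conf" || echo "fix the path, then run reload_agent"
rm -f "$demo_conf"
```

Against a real setup, call `reload_agent "$HOME/.gnupg/gpg-agent.conf"` after editing the file.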