No Pinentry
If I sign a message in Kmail using OpenPGP/MIME I get the pinentry window for
entering my pass phrase. If I select S/MIME, I do not. The log shows:

4 - 2004-12-29 15:37:41 gpgsm[1531]: error creating signature: No pinentry
4 - 2004-12-29 15:37:41 gpgsm[1531.0x807c000] DBG: -> ERR 67108949 No pinentry

Yet gpg-agent is running;

/usr/pkg/bin/gpg-agent --daemon --pinentry-program /usr/pkg/bin/pinentry-gtk

Is there pinentry configuration specific to gpg-sm?

--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org
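
The number in the `ERR 67108949` log line above is a packed libgpg-error value that records which component raised the error as well as the error itself. The following decoder is an added example, not part of the original post; the lookup tables are a small subset of the libgpg-error source and code lists, and the function names are made up for this illustration.

```python
import re

# Subset of libgpg-error's error sources (names as printed by gpg_strsource).
SOURCES = {1: "gcrypt", 2: "GnuPG", 3: "GpgSM", 4: "GPG Agent",
           5: "Pinentry", 6: "SCD", 10: "Dirmngr"}
# Subset of libgpg-error's error codes relevant to agent/pinentry problems.
CODES = {77: "GPG_ERR_NO_AGENT", 85: "GPG_ERR_NO_PIN_ENTRY",
         86: "GPG_ERR_PIN_ENTRY", 87: "GPG_ERR_BAD_PIN",
         99: "GPG_ERR_CANCELED"}

# An Assuan error response as it appears in a debug log: "ERR <number> <text>".
ERR_LINE = re.compile(r"\bERR (\d+)(?: (.*))?$")


def decode_gpg_error(value):
    """Split a gpg_error_t into (source, code): bits 24-30 and bits 0-15."""
    return (value >> 24) & 0x7F, value & 0xFFFF


def explain_log(lines):
    """Return one finding per Assuan ERR line found in the given log lines."""
    findings = []
    for line in lines:
        match = ERR_LINE.search(line.rstrip())
        if not match:
            continue  # ordinary log text, e.g. "error creating signature"
        source, code = decode_gpg_error(int(match.group(1)))
        findings.append({
            "source": SOURCES.get(source, "unknown source %d" % source),
            "symbol": CODES.get(code, "unknown code %d" % code),
            "text": match.group(2) or "",
        })
    return findings


# The two log lines quoted in the post above.
LOG = [
    "4 - 2004-12-29 15:37:41 gpgsm[1531]: error creating signature: No pinentry",
    "4 - 2004-12-29 15:37:41 gpgsm[1531.0x807c000] DBG: -> ERR 67108949 No pinentry",
]

if __name__ == "__main__":
    for finding in explain_log(LOG):
        print("%(source)s reported %(symbol)s (%(text)s)" % finding)
```

The source field decodes to GPG Agent, so the failure was reported by the running agent when it tried to start pinentry, not by gpgsm failing to reach an agent.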
Re: No Pinentry
On Wednesday 29 December 2004 23:42, John R. Shannon wrote:
> If I sign a message in Kmail using OpenPGP/MIME I get the pinentry
> window for entering my pass phrase. If I select S/MIME, I do not.

Are you sure you are seeing the pinentry dialog? It's possible that
KMail is showing the dialog for entering your passphrase.

> The log shows:
>
> 4 - 2004-12-29 15:37:41 gpgsm[1531]: error creating signature: No
> pinentry 4 - 2004-12-29 15:37:41 gpgsm[1531.0x807c000] DBG: -> ERR
> 67108949 No pinentry

And when using OpenPGP/MIME you don't get a similar error message?

> Yet gpg-agent is running;
>
> /usr/pkg/bin/gpg-agent --daemon --pinentry-program
> /usr/pkg/bin/pinentry-gtk
>
> Is there pinentry configuration specific to gpg-sm?

gpgsm is deprecated. You should install gpg2 (which replaces the old
gpgsm). Note that you still need gpg for OpenPGP/MIME.

Regards,
Ingo
Re: No Pinentry
On Wednesday 29 December 2004 04:21 pm, Ingo Klöcker wrote:
> On Wednesday 29 December 2004 23:42, John R. Shannon wrote:
> > If I sign a message in Kmail using OpenPGP/MIME I get the pinentry
> > window for entering my pass phrase. If I select S/MIME, I do not.
>
> Are you sure you are seeing the pinentry dialog? It's possible that
> KMail is showing the dialog for entering your passphrase.

Yes, the window has the title "pinentry-gtk"

> > The log shows:
> >
> > 4 - 2004-12-29 15:37:41 gpgsm[1531]: error creating signature: No
> > pinentry 4 - 2004-12-29 15:37:41 gpgsm[1531.0x807c000] DBG: -> ERR
> > 67108949 No pinentry
>
> And when using OpenPGP/MIME you don't get a similar error message?

No. The mail is correctly signed.

> > Yet gpg-agent is running;
> >
> > /usr/pkg/bin/gpg-agent --daemon --pinentry-program
> > /usr/pkg/bin/pinentry-gtk
> >
> > Is there pinentry configuration specific to gpg-sm?
>
> gpgsm is deprecated. You should install gpg2 (which replaces the old
> gpgsm). Note that you still need gpg for OpenPGP/MIME.

I'm confused, gpg-sm comes as part of gnupg-1.9.14.tar.gz. Is there something
newer?

--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org
Re: No Pinentry
On Thursday 30 December 2004 00:43, John R. Shannon wrote:
> On Wednesday 29 December 2004 04:21 pm, Ingo Klöcker wrote:
> > gpgsm is deprecated. You should install gpg2 (which replaces the
> > old gpgsm). Note that you still need gpg for OpenPGP/MIME.
>
> I'm confused, gpg-sm comes as part of gnupg-1.9.14.tar.gz. Is there
> something newer?

Hmm, apparently only the old gpgsm package is deprecated. Sorry for the
confusion. No, AFAIK there isn't anything newer.

Regards,
Ingo
Re: No Pinentry
On Thu, 30 Dec 2004 00:21:27 +0100, Ingo Klöcker said:

> gpgsm is deprecated. You should install gpg2 (which replaces the old
> gpgsm). Note that you still need gpg for OpenPGP/MIME.

No. gpgsm is not deprecated but the S/MIME cousin of gpg. In fact,
gpg2 should not be used because the gpg from gnupg 1.2.x or
gnupg 1.4.x is much more mature than gpg2.

Werner
Re: No Pinentry
On Wed, 29 Dec 2004 15:42:30 -0700, John R Shannon said:

> /usr/pkg/bin/gpg-agent --daemon --pinentry-program /usr/pkg/bin/pinentry-gtk

Does

/usr/pkg/bin/pinentry-gtk

show you a greeting like "OK Your orders please"? Enter
"GETPIN" and the window should appear. Enter a random PIN into the
window and you should get back something like "D 1234". Enter "BYE"

Does it all work? If not: Are DISPLAY and GPG_TTY set?

Werner
Re: No Pinentry
$ /usr/pkg/bin/pinentry-gtk
OK Your orders please
GETPIN
pinentry-gtk: no LC_CTYPE known - assuming UTF-8
pinentry-gtk: no LC_CTYPE known - assuming UTF-8
D 1234
OK

Yes, it works.

However, if I enter:

$ echo test |gpgsm -s |gpgsm -v

I get:

$ echo test |gpgsm -s |gpgsm -v
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: invalid command (there is no implicit command)
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/16384 bytes in 0 blocks
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= E8 EC 38 C7 15 91 8E 10 3B 81 B1 5C 1B 9E 78 44 FF 00 2C
D2
gpgsm: DBG: connection to agent established
gpgsm: DBG: BEGIN Certificate `target':
gpgsm: DBG: serial: 365CD49D4E7CF8A606E2890261CEC95E
gpgsm: DBG: notBefore: 2004-03-05 00:00:00
gpgsm: DBG: notAfter: 2005-03-05 23:59:59
gpgsm: DBG: issuer: CN=VeriSign
IECA,OU=IECA-3,OU=Contractor,OU=PKI,OU=DOD,O=U.S. Government,C=US
gpgsm: DBG: subject: CN=John Shannon1000213471,OU=Company Name -
SAIC,OU=IECA-3,OU=Contractor,OU=PKI,OU=DOD,O=U.S. Government,C=US
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
DB:D9:D9:B2:6E:A6:FF:57:B6:F2:30:C5:3D:72:4C:3F:F3:CF:30:AD
gpgsm: DBG: END Certificate
gpgsm: certificate's policy list: 2.16.840.1.101.2.1.11.5:N:
gpgsm: note: non-critical certificate policy not allowed
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate `issuer':
gpgsm: DBG: serial: 6B8419EFCF2EFE6D34A9A0CA0BBDD9C7
gpgsm: DBG: notBefore: 2001-11-21 00:00:00
gpgsm: DBG: notAfter: 2006-11-20 23:59:59
gpgsm: DBG: issuer: CN=VeriSign
IECA,OU=IECA-3,OU=Contractor,OU=PKI,OU=DOD,O=U.S. Government,C=US
gpgsm: DBG: subject: CN=VeriSign
IECA,OU=IECA-3,OU=Contractor,OU=PKI,OU=DOD,O=U.S. Government,C=US
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
08:57:2A:4C:D4:9A:76:60:D4:72:7A:6E:55:FF:D4:44:9C:82:0E:4D
gpgsm: DBG: END Certificate
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: DBG: connection to dirmngr established
gpgsm: asking dirmngr about
DB:D9:D9:B2:6E:A6:FF:57:B6:F2:30:C5:3D:72:4C:3F:F3:CF:30:AD
gpgsm: response of dirmngr: okay
gpgsm: certificate is good
gpgsm: certificate's policy list: 2.16.840.1.101.2.1.11.5:N:
gpgsm: note: non-critical certificate policy not allowed
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: asking dirmngr about
08:57:2A:4C:D4:9A:76:60:D4:72:7A:6E:55:FF:D4:44:9C:82:0E:4D
gpgsm: response of dirmngr: okay
gpgsm: DBG: adding certificates at level 1
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= B3 47 FE 13 6B 50 70 65 02 82 F7 6F 8A F7 05 B7 DF 1F E6
02
gpgsm: error creating signature: No pinentry <GPG Agent>
random usage: poolsize=600 mixed=3 polls=0/21 added=105/1848
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 1344/16384 bytes in 2 blocks


On Monday 03 January 2005 02:06 am, Werner Koch wrote:
> On Wed, 29 Dec 2004 15:42:30 -0700, John R Shannon said:
> > /usr/pkg/bin/gpg-agent --daemon --pinentry-program
> > /usr/pkg/bin/pinentry-gtk
>
> Does
>
> /usr/pkg/bin/pinentry-gtk
>
> show you a greeting like "OK Your orders please"? Enter
> "GETPIN" and the window should appear. Enter a random PIN into the
> window and you should get back something like "D 1234". Enter "BYE"
>
> Does it all work? If not: Are DISPLAY and GPG_TTY set?
>
> Werner

--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org
Re: No Pinentry
On Mon, 3 Jan 2005 03:03:38 -0700, John R Shannon said:

> However, if I enter:

> $ echo test |gpgsm -s |gpgsm -v

Note that "gpgsm -v" is not the same as "gpgsm --verify" but would
print

gpgsm: invalid command (there is no implicit command)

I can replicate your problem using

echo test | gpgsm -sa

(The -a creates PEM format which doesn't mess up the tty).

I'll look at it.

Werner
Re: No Pinentry
Okay,

here is the fix:


2005-01-03 Werner Koch <wk@g10code.com>

* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.


diff -u -r1.1.2.4 asshelp.c
--- common/asshelp.c 18 Dec 2004 10:22:10 -0000 1.1.2.4
+++ common/asshelp.c 3 Jan 2005 11:28:48 -0000
@@ -150,7 +150,7 @@
#endif
if (opt_lc_messages || (dft_ttyname && dft_lc))
{
- err = send_one_option (ctx, errsource, "display",
+ err = send_one_option (ctx, errsource, "lc-messages",
opt_lc_messages ? opt_lc_messages : dft_lc);
}
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
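
Review bot: The option name passed to send_one_option under `if (opt_lc_messages || (dft_ttyname && dft_lc))` is a hand-typed string literal, and the ChangeLog entry attributes the wrong "display" to cut and paste, so the same slip can recur wherever this pattern is repeated. Suggest driving the calls from one table of (option name, override, default) entries walked by a loop, or adding a regression test that checks "lc-messages" is sent with the locale value and that "display" is never sent with it. The ChangeLog line would also be easier to find later if it named the symptom reported in this thread, gpgsm failing with "No pinentry".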
Re: No Pinentry
It works now with this fix.

Thank You.

On Monday 03 January 2005 04:28 am, Werner Koch wrote:
> Okay,
>
> here is the fix:
>
>
> 2005-01-03 Werner Koch <wk@g10code.com>
>
> * asshelp.c (send_pinentry_environment): Fixed changed from
> 2004-12-18; cut+paste error for lc-messages.
>
>
> diff -u -r1.1.2.4 asshelp.c
> --- common/asshelp.c 18 Dec 2004 10:22:10 -0000 1.1.2.4
> +++ common/asshelp.c 3 Jan 2005 11:28:48 -0000
> @@ -150,7 +150,7 @@
> #endif
> if (opt_lc_messages || (dft_ttyname && dft_lc))
> {
> - err = send_one_option (ctx, errsource, "display",
> + err = send_one_option (ctx, errsource, "lc-messages",
> opt_lc_messages ? opt_lc_messages : dft_lc);
> }
> #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)

--
John R. Shannon
john@johnrshannon.com
john.r.shannon@saic.com
shannonjr@NetBSD.org