Mailing List Archive

Failed to export secret key
Hi,

gpg 2.4.3 complains about not being able to export my key. The issue is
it can not query the secring password from my ssh session. How to debug
this further?

This is what I have:
---snip---
% LANG=C gpg --export-secret-key -a -o netchild_sec.pgp 8F31830F9F2772BF
gpg: Warning: using insecure memory!
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported


% LANG=C gpg --version
gpg (GnuPG) 2.4.3
libgcrypt 1.10.2
Copyright (C) 2023 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/netchild/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

% LANG=C gpg --list-secret-key 8F31830F9F2772BF
gpg: Warning: using insecure memory!
sec rsa4096 2016-08-16 [SC] [expires: 2024-02-08]
034055A31F550AD032E2F6D78F31830F9F2772BF
uid [ultimate] Alexander Leidinger <Alexander@Leidinger.net>
uid [ultimate] Alexander Leidinger <netchild@FreeBSD.org>
uid [ultimate] [jpeg image of size 9696]
ssb rsa4096 2018-10-07 [E] [expires: 2024-02-08]
ssb rsa4096 2018-10-07 [S] [expires: 2024-02-08]
ssb rsa4096 2018-10-07 [S] [expires: 2024-02-08]

% cat .gnupg/gpg-agent.conf
#pinentry-program /usr/local/bin/pinentry-tty
log-file /tmp/gpgagent.log
disable-scdaemon

% cat .gnupg/options | grep -v "^#"

no-greeting

default-key 0x8F31830F9F2772BF

escape-from-lines

charset utf-8

lock-once

keyserver hkp://keys.openpgp.org

ask-cert-level
default-cert-level 2
import-options import-clean-sigs import-clean-uids
export-options export-clean-sigs export-clean-uids
keyserver-options no-include-revoked import-clean-sigs import-clean-uids
export-clean-sigs export-clean-uids

fixed-list-mode
keyid-format 0xlong
with-fingerprint
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 BZIP2 ZLIB ZIP Uncompressed
verify-options show-uid-validity
list-options show-uid-validity
sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g
cert-digest-algo SHA512

% cat /tmp/gpgagent.log
2023-09-04 19:23:46 gpg-agent[88711] gpg-agent (GnuPG) 2.4.3 started
2023-09-04 19:24:14 gpg-agent[88711] failed to unprotect the secret key:
Verarbeitung wurde abgebrochen
2023-09-04 19:24:14 gpg-agent[88711] command 'EXPORT_KEY' failed:
Verarbeitung wurde abgebrochen <Pinentry>
2023-09-04 19:24:43 gpg-agent[88711] failed to unprotect the secret key:
Verarbeitung wurde abgebrochen
2023-09-04 19:24:43 gpg-agent[88711] command 'EXPORT_KEY' failed:
Verarbeitung wurde abgebrochen <Pinentry>

% ll /usr/local/bin/pinentry*
lrwxr-xr-x 1 root wheel 12B 31 Aug. 08:20 /usr/local/bin/pinentry@ ->
pinentry-tty
-r-xr-xr-x 1 root wheel 71K 1 Sep. 00:13
/usr/local/bin/pinentry-curses*
-r-xr-xr-x 1 root wheel 61K 31 Aug. 03:00
/usr/local/bin/pinentry-tty*

% tty
/dev/pts/2

% echo $GPG_TTY
/dev/pts/2
---snip---

If I specify --pinentry-mode loopback it works. Shouldn't this also work
without this option? If yes, what's wrong or how to debug this further?

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: Failed to export secret key
On Mon, 4 Sep 2023 19:45, Alexander Leidinger said:

> If I specify --pinentry-mode loopback it works. Shouldn't this also
> work without this option? If yes, what's wrong or how to debug this

Sure, this shall work. You may want to add

--8<---------------cut here---------------start------------->8---
debug ipc
debug-pinentry
log-file /some/file
--8<---------------cut here---------------end--------------->8---

to gpg-agent.conf, restart the agent and check the log file.

Reminder: In case of any problems, please try invoking gpg with
--verbose (or -v). You will see more diagnostics.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Failed to export secret key
On 2023-09-05 16:50, Werner Koch wrote:
> On Mon, 4 Sep 2023 19:45, Alexander Leidinger said:
>
>> If I specify --pinentry-mode loopback it works. Shouldn't this also
>> work without this option? If yes, what's wrong or how to debug this
>
> Sure, this shall work. You may want to add
>
> --8<---------------cut here---------------start------------->8---
> debug ipc
> debug-pinentry
> log-file /some/file
> --8<---------------cut here---------------end--------------->8---
>
> to gpg-agent.conf, restart the agent and check the log file.

The debug log:
---snip---
2023-09-08 13:37:48 gpg-agent[94276] listening on socket
'/home/netchild/.gnupg/S.gpg-agent'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket
'/home/netchild/.gnupg/S.gpg-agent.extra'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket
'/home/netchild/.gnupg/S.gpg-agent.browser'
2023-09-08 13:37:48 gpg-agent[94276] listening on socket
'/home/netchild/.gnupg/S.gpg-agent.ssh'
2023-09-08 13:37:48 gpg-agent[94491] gpg-agent (GnuPG) 2.4.3 started
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK Pleased to meet
you
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- RESET
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION
ttyname=/dev/pts/5
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION
ttytype=tmux-256color
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION lc-ctype=C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION lc-messages=C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- GETINFO version
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> D 2.4.3
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION
allow-pinentry-notify
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- OPTION
agent-awareness=2.1.0
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- KEYWRAP_KEY --export
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> [[Confidential data
not shown]]
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- HAVEKEY --list=1000
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> [. 44 20 2a 2b f8 18
37 63 7b b2 14 a3 34 4a 2a 5f ...(66 byte(s) skipped) ]
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- KEYINFO
89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> S KEYINFO
89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C D - - - P - - -
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- SETKEYDESC
Please+enter+the+passphrase+to+export+the+OpenPGP+secret+key:%0A%22Alexander+Leidinger+<Alexander@Leidinger.net>%22%0A4096-bit+RSA+key,+ID+8F31830F9F2772BF,%0Acreated+2016-08-16.%0A
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 -> OK
2023-09-08 13:37:48 gpg-agent[94491] DBG: chan_8 <- EXPORT_KEY --openpgp
89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C
2023-09-08 13:37:48 gpg-agent[94491] starting a new PIN Entry
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK Pleased to meet
you, process 94491
2023-09-08 13:37:53 gpg-agent[94491] DBG: connection to PIN entry
established
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION no-grab
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
ttyname=/dev/pts/5
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
ttytype=tmux-256color
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION lc-ctype=C
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION lc-messages=C
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
allow-external-password-cache
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-ok=_OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-cancel=_Cancel
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-yes=_Yes
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254 Unknown
option <Pinentry>
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-no=_No
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254 Unknown
option <Pinentry>
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-prompt=PIN:
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-pwmngr=_Save in password manager
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-cf-visi=Do you really want to make your passphrase visible on
the screen?
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-tt-visi=Make passphrase visible
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-tt-hide=Hide passphrase
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
default-capshint=Caps Lock is on
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> OPTION
touch-file=/home/netchild/.gnupg/S.gpg-agent
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO flavor
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D tty
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO version
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D 1.2.1
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO ttyinfo
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D /dev/pts/5
tmux-256color - ? 1001/1001 0
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> GETINFO pid
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- D 94492
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_8 -> INQUIRE
PINENTRY_LAUNCHED 94492 tty 1.2.1 /dev/pts/5 tmux-256color - ? 1001/1001
0
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_8 <- END
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETKEYINFO --clear
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETDESC Please enter
the passphrase to export the OpenPGP secret key:%0A%22Alexander
Leidinger <Alexander@Leidinger.net>%22%0A4096-bit RSA key, ID
8F31830F9F2772BF,%0Acreated 2016-08-16.%0A
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> SETPROMPT
Passphrase:
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- OK
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 -> [[Confidential data
not shown]]
2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- [[Confidential data
not shown]]
2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_9 -> BYE
2023-09-08 13:37:54 gpg-agent[94491] failed to unprotect the secret key:
Operation cancelled
2023-09-08 13:37:54 gpg-agent[94491] command 'EXPORT_KEY' failed:
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_8 -> ERR 83886179
Operation cancelled <Pinentry>
2023-09-08 13:37:54 gpg-agent[94491] DBG: chan_8 <- [eof]
---snip---

No idea where the "ERR 83886254 Unknown option <Pinentry>" is coming
from, I don't have "Pinentry" in any options file.

> Reminder: In case of any problems, please try invoking gpg with
> --verbose (or -v). You will see more diagnostics.

The verbose output (which doesn't reveal anything new):
---snip---
gpg: enabled compatibility flags:
gpg: writing to 'netchild_sec.pgp'
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for the
secret parts
gpg: Note: signature key 0439FFA68121245E expired 2021-06-16 14:41:02
gpg: Note: signature key AAF1421A85208084 expired 2021-06-16 14:40:46
gpg: pinentry launched (15243 tty 1.2.1 /dev/pts/5 tmux-256color - ?
1001/1001 0)
gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported
---snip---

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: Failed to export secret key
On Fri, 8 Sep 2023 13:49, Alexander Leidinger said:

> default-yes=_Yes
> 2023-09-08 13:37:53 gpg-agent[94491] DBG: chan_9 <- ERR 83886254
> Unknown option <Pinentry>

Don't care about this error. It is shown but ignored. Future
Pinentries might want to implement a yes button and gpg provides the
translation here.


> 2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
> Operation cancelled <Pinentry>

You clicked on CANCEL or closed the window.

> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for
> the secret parts
[...]
> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
> from agent: Operation cancelled - skipped

You canceled, gpg-agent could not unprotect the key and thus you get
the error code.

Given that you said it worked in loopback mode - I assume the pinentry
is broken and returns Cancel due to other reasons. Did you

GPG_TTY=$(tty)
export GPG_TTY

in your target's bashrc etc? The simple tty pinentry is used and it
needs to know its tty - is /dev/pts/5 the correct one? Try running
pinentry on the target directly:

$ pinentry
getpin

should show the prompt. Does it - if not, strace the process etc.



Salam-Shalom,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Failed to export secret key
On 2023-09-08 15:26, Werner Koch wrote:
> On Fri, 8 Sep 2023 13:49, Alexander Leidinger said:

>> 2023-09-08 13:37:54 gpg-agent[94491] DBG: error calling pinentry:
>> Operation cancelled <Pinentry>
>
> You clicked on CANCEL or closed the window.

No prompt at all in the console / ssh connection (and no graphics, so
nothing to click on). So no manual cancelling from me.

>> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: asking agent for
>> the secret parts
> [...]
>> gpg: key 89DE8BFC8A2A81F8C9BD2F7940C7373A4DE34E7C: error receiving key
>> from agent: Operation cancelled - skipped
>
> You canceled, gpg-agent could not unprotect the key and thus you get
> the error code.
>
> Given that you said it worked in loopback mode - I assume the pinentry
> is broken and returns Cancel due to other reasons. Did you
>
> GPG_TTY=$(tty)
> export GPG_TTY

% echo $GPG_TTY
/dev/pts/5

> in your target's bashrc etc? The simple tty pinentry is used and it
> needs to know its tty - is /dev/pts/5 the correct one? Try running

Yes it is:
% tty
/dev/pts/5

And there is no other one (this is a FreeBSD jail):
% ll /dev/pts
total 0
crw--w---- 1 netchild tty 0x190 8 Sep. 15:36 5

> pinentry on the target directly:
>
> $ pinentry
> getpin
>
> should show the prompt. Does it - if not, strace the process etc.

I only have two pinentry binaries installed, both are not for a
graphical environment:

% ll /usr/local/bin/pinentry*
lrwxr-xr-x 1 root wheel 12B 31 Aug. 08:20 /usr/local/bin/pinentry@ ->
pinentry-tty
-r-xr-xr-x 1 root wheel 71K 1 Sep. 00:13
/usr/local/bin/pinentry-curses*
-r-xr-xr-x 1 root wheel 61K 31 Aug. 03:00
/usr/local/bin/pinentry-tty*

% pinentry
Warning: using insecure memory!
OK Pleased to meet you
getpin
pinentry-tty
PIN:
D asdf
OK
bye
OK closing connection

% pinentry-curses
Warning: using insecure memory!
OK Pleased to meet you
getpin
<curses dialog popped up in the ssh connection>
D asdf
OK
bye
OK closing connection

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: Failed to export secret key
On Friday 08 September 2023 15:40:43, Alexander Leidinger via
Gnupg-users wrote:
> > You clicked on CANCEL or closed the window.
>
> No prompt at all in the console / ssh connection (and no graphics, so
> nothing to click on). So no manual cancelling from me.

There used to be pinentry issues with terminal size in the past
https://dev.gnupg.org/T5322
https://dev.gnupg.org/T4924

Maybe that helps with debugging. You could try a large terminal window.

Bernhard
--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
Re: Failed to export secret key
Hi,

so everything looks okay. What I would now do is to strace pinentry;
Here is a wpinentry wrapper I have used in the past.

--8<---------------cut here---------------start------------->8---
#!/bin/sh

MYPINENTRY="/usr/local/bin/pinentry-qt"

locale >/tmp/pinentry.err
set >>/tmp/pinentry.err
exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -v -d "$@" 2>>/tmp/pinentry.err
#exec valgrind $MYPINENTRY -d "$@" 2>>/tmp/pinentry.err
--8<---------------cut here---------------end--------------->8---

Adjust to your needs and put

pinentry-program /home/foo/bin/pinentry-wrapper

into gpg-agent.conf. gpgconf --kill gpg-agent and try again.


Salam-Shalom,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Failed to export secret key
On 2023-09-13 12:34, Werner Koch wrote:
> Hi,
>
> so everything looks okay. What I would now do is to strace pinentry;
> Here is a wpinentry wrapper I have used in the past.
>
> --8<---------------cut here---------------start------------->8---
> #!/bin/sh
>
> MYPINENTRY="/usr/local/bin/pinentry-qt"
>
> locale >/tmp/pinentry.err
> set >>/tmp/pinentry.err
> exec strace -o /tmp/pinentry.trc -e read=0 $MYPINENTRY -v -d "$@"
> 2>>/tmp/pinentry.err
> #exec valgrind $MYPINENTRY -d "$@" 2>>/tmp/pinentry.err
> --8<---------------cut here---------------end--------------->8---
>
> Adjust to your needs and put

pinentry-tty doesn't support "-v" (removed), and I used the FreeBSD
ktrace...

> pinentry-program /home/foo/bin/pinentry-wrapper
>
> into gpg-agent.conf. gpgconf --kill gpg-agent and try again.

The issue is that pinentry-tty can't open the tty. The errno is no such
file or directory, but it is visible with ls. The reason why this
happens is that I ssh to the FreeBSD host, and from there login into a
jail. The jail imposes some access restrictions on processes within the
jail.

If I ssh into this account, a new tty is opened and the export works as
it should.

As such I opened a discussion on the FreeBSD side about this behavior.
There is at least a mismatch of what you see (the pts) and what you can do
(normally if you see a pts, you can access it), so to me either it
should allow the access, or not show the pts in ls...

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
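
The root cause found at the end of this thread (the pts is listed by ls but cannot be opened from inside the jail) can be checked directly, without involving gpg-agent or pinentry. The shell functions below are an added example, not code from the thread or from GnuPG; `check_tty` and `report_gpg_tty` are hypothetical helper names, and the check assumes a tty-based pinentry has to open the device for both reading and writing.

```shell
#!/bin/sh
# Added example (not from the thread): classify whether the tty path that
# gpg hands to gpg-agent/pinentry can really be opened by this process.
# Usage in the failing session:  . ./check_tty.sh; report_gpg_tty

# check_tty PATH
# Prints one state word and returns 0 only when the device is usable:
#   unset       - no path given (GPG_TTY empty)
#   missing     - path is not visible in the filesystem
#   not-chardev - path exists but is not a character device
#   open-failed - visible, but opening it for read or write fails
#                 (the case from the thread: shown by ls, error on open)
#   ok          - opened for both reading and writing
check_tty() {
    ct_dev=$1
    if [ -z "$ct_dev" ]; then
        echo unset; return 1
    fi
    if [ ! -e "$ct_dev" ]; then
        echo missing; return 2
    fi
    if [ ! -c "$ct_dev" ]; then
        echo not-chardev; return 3
    fi
    # Open in subshells so a failed redirection cannot abort the caller.
    # ':' performs no I/O; only the open() calls matter. '>>' avoids
    # truncation semantics.
    if ( : <"$ct_dev" ) 2>/dev/null && ( : >>"$ct_dev" ) 2>/dev/null; then
        echo ok; return 0
    fi
    echo open-failed; return 4
}

# report_gpg_tty
# Compares GPG_TTY with what tty(1) reports for this session and prints
# one summary line. Returns 0 only if GPG_TTY is openable and matches.
report_gpg_tty() {
    rt_cur=$(tty 2>/dev/null) || rt_cur=
    rt_state=$(check_tty "${GPG_TTY:-}") || true
    echo "GPG_TTY=${GPG_TTY:-<unset>} state=$rt_state tty=${rt_cur:-<none>}"
    [ "$rt_state" = ok ] && [ "${GPG_TTY:-}" = "$rt_cur" ]
}
```

A result of `open-failed` for a path that `ls` shows reproduces the mismatch described above and points at the environment (here, the jail) rather than at gpg-agent or the pinentry binary.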