pinentry requiring passphrase every couple of hours
Pinentry for Mac
MacGPG2 2.0.28 (build 851n)
GPG Keychain 1.2 build 1131n
GPGServices 1.10 build 859n
I installed GPGSuite nightly build 1395n the other day. Since then, I am prompted to enter my key passphrase every couple of hours, even though I have "Store passphrases in OS X Keychain" selected in the settings. There is no entry for gnupg in my OS X keychain
What did you expect instead
Behavior expected would be that GPG key passphrases would be managed by pinentry and OS X keychain automatically, rather than having to manually enter passphrases
Describe steps leading to the problem.
Open Mail, prompted for passphrase. Enter passphrase. Leave Mail open for several hours and I am periodically prompted for passphrase entry.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 06 Aug, 2015 01:06 PM
HI Geordon,
to resolve this, could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.
Once we are sure you are on the latest GPG Suite nightly build, open GPGPreferences and press the "Delete stored passphrases" button. Next set the caching time to store your passphrase to a very low value.
Open Mail and select some encrypted mail or try to write a signed mail. In both cases you should only be asked once for your passphrase and "store in keychain" should be enabled in the pinentry dialog. After that your passphrase should be grabbed from the OS X keychain.
Please let me know if that worked.
All the best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
2 Posted by gvantass on 06 Aug, 2015 04:23 PM
I downloaded the latest nightly, checked sig (which was good), installed it, and rebooted for good measure.
Went into GPGPreferences, deleted stored keys and changed the cache time to 5 seconds and made sure that "Store in OS X keychain" was selected.
Opened Mail.app, selected an encrypted mail, got prompted by pinentry for passphrase. There was no option to "store in keychain" in the pinentry dialog.
Waited a minute to let the cache expire, then selected a different encrypted email. Was prompted again for passphrase.
I have included screen grabs of my GPG versions and the pinentry dialog box.
Thanks!
Support Staff 3 Posted by Steve on 06 Aug, 2015 04:49 PM
Hey Geordon,
thanks for the screenshots and the update. The pinentry you are using does not work with the MacGPG2 you have on your machine.
In the gpg-agent.conf file, pinentry-program should be /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac .
If that is not the case, please copy that part and paste it into this discussion.
4 Posted by gvantass on 06 Aug, 2015 04:51 PM
/Library/Frameworks/Libmacgpg.framework/Versions/A/Resources/pinentry-mac.app/
Looks like my pinentry app is wrong.
Support Staff 5 Posted by Steve on 06 Aug, 2015 05:28 PM
Thanks a lot for the info. We are looking into it and will update as soon as we have news.
6 Posted by gvantass on 06 Aug, 2015 05:29 PM
Thank you, sir! I look forward to hearing an update.
7 Posted by Mento on 07 Aug, 2015 02:10 PM
The fix is now in our nightly builds: https://releases.gpgtools.org/nightlies/
Please test it and let me know if it worked.
Regards, Mento
8 Posted by gvantass on 07 Aug, 2015 03:47 PM
Thanks, Mento. that looks to have corrected the issue. The "Store in keychain" option is present and, when checked, does not require re-entry of the passphrase to access the key.
We're all good with this one, now!
gvantass closed this discussion on 07 Aug, 2015 03:47 PM.
Support Staff 9 Posted by Steve on 07 Aug, 2015 06:00 PM
Great. Thanks for helping us test. The fix will be included in the next stable release.
I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best, steve
Steve closed this discussion on 07 Aug, 2015 06:00 PM.