pinentry requiring passphrase every couple of hours

gvantass's Avatar

gvantass

27 Jul, 2015 10:41 AM

Pinentry for Mac

MacGPG2 2.0.28 (build 851n)
GPG Keychain 1.2 build 1131n
GPGServices 1.10 build 859n

I installed GPGSuite nightly build 1395n the other day. Since then, I am prompted to enter my key passphrase every couple of hours, even though I have "Store passphrases in OS X Keychain" selected in the settings. There is no entry for gnupg in my OS X keychain

What did you expect instead

Behavior expected would be that GPG key passphrases would be managed by pinentry and OS X keychain automatically, rather than having to manually enter passphrases

Describe steps leading to the problem.

Open Mail, prompted for passphrase. Enter passphrase. Leave Mail open for several hours and I am periodically prompted for passphrase entry.

  1. Support Staff 1 Posted by Steve on 06 Aug, 2015 01:06 PM

    Steve's Avatar

    HI Geordon,

    to resolve this, could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.

    Once we are sure you are on the latest GPG Suite nightly build, open GPGPreferences and press the "Delete stored passphrases" button. Next set the caching time to store your passphrase to a very low value.

    Open Mail and select some encrypted mail or try to write a signed mail. In both cases you should only be asked once for your passphrase and "store in keychain" should be enabled in the pinentry dialog. After that your passphrase should be grabbed from the OS X keychain.

    Please let me know if that worked.

    All the best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  2. 2 Posted by gvantass on 06 Aug, 2015 04:23 PM

    gvantass's Avatar

    I downloaded the latest nightly, checked sig (which was good), installed it, and rebooted for good measure.

    Went into GPGPreferences, deleted stored keys and changed the cache time to 5 seconds and made sure that "Store in OS X keychain" was selected.

    Opened Mail.app, selected an encrypted mail, got prompted by pinentry for passphrase. There was no option to "store in keychain" in the pinentry dialog.

    Waited a minute to let the cache expire, then selected a different encrypted email. Was prompted again for passphrase.

    I have included screen grabs of my GPG versions and the pinentry dialog box.

    Thanks!

  3. Support Staff 3 Posted by Steve on 06 Aug, 2015 04:49 PM

    Steve's Avatar

    Hey Geordon,

    thanks for the screenshots and the update. The pinentry you are using does not work with the MacGPG2 you have on your machine.

    1. open a new finder window
    2. press ⇧⌘G and paste '~/.gnupg/gpg-agent.conf' without the '

    In the gpg-agent.conf file, pinentry-program should be /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac .

    If that is not the case, please copy that part and paste it into this discussion.

  4. 4 Posted by gvantass on 06 Aug, 2015 04:51 PM

    gvantass's Avatar

    /Library/Frameworks/Libmacgpg.framework/Versions/A/Resources/pinentry-mac.app/

    Looks like my pinentry app is wrong.

  5. Support Staff 5 Posted by Steve on 06 Aug, 2015 05:28 PM

    Steve's Avatar

    Thanks a lot for the info. We are looking into it and will update as soon as we have news.

  6. 6 Posted by gvantass on 06 Aug, 2015 05:29 PM

    gvantass's Avatar

    Thank you, sir! I look forward to hearing an update.

  7. Support Staff 7 Posted by Mento on 07 Aug, 2015 02:10 PM

    Mento's Avatar

    The fix is now in our nightly builds: https://releases.gpgtools.org/nightlies/
    Please test it and let me know if it worked.

    Regards, Mento

  8. 8 Posted by gvantass on 07 Aug, 2015 03:47 PM

    gvantass's Avatar

    Thanks, Mento. that looks to have corrected the issue. The "Store in keychain" option is present and, when checked, does not require re-entry of the passphrase to access the key.

    We're all good with this one, now!

  9. gvantass closed this discussion on 07 Aug, 2015 03:47 PM.

  10. Support Staff 9 Posted by Steve on 07 Aug, 2015 06:00 PM

    Steve's Avatar

    Great. Thanks for helping us test. The fix will be included in the next stable release.

    I'm closing this discussion. If you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  11. Steve closed this discussion on 07 Aug, 2015 06:00 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac