gpg CLI actions timing out?
Which of our tools is giving you problems?
GPG CLI
Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):
Attached
Describe your problem. Add as much detail as possible.
I have a script that imports a secret key from a file and then immediately issues a delete key command which waits for me to acknowledge it to continue before proceeding. I usually do a few operations with the imported key in GPG Keyhain and then go back to my terminal window and say "yes" to the delete prompt and then "yes" again to the really delete prompt because it is a secret key. After that, I get the same 2 prompts as UI pop-ups and once I acknowledge both of those the secret key is deleted.
Today, I got distracted with another issue and let the terminal waiting for some time before coming back and saying "yes" to the 2 CLI prompts. After that though, I noticed the 2 UI prompts did not pop-up and when I checked my keyring I found the secret key had not been deleted.
I'm not sure if this is the result of an idle timeout or some other aspect of my usage pattern like the computer screen lock kicking in or the computer going to sleep or what, but it seemed odd/unexpected so I'm reporting it here.
What did you expect instead
I expected the CLI command to delete the secret key.
Describe steps leading to the problem.
The script does the following:
#!/bin/bash
KEYFILE=/patch/to/encrypted/secretkey.asc
gpg ${KEYFILE}.asc
gpg --batch --import < ${KEYFILE}
rm -f ${KEYFILE}
echo "REMEMBER TO DELETE PRIVATE KEY WHEN FINISHED"
gpg --delete-secret-keys 0xKEYID
Are you using any other Mail.app plugins?
No
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Luke Le on 03 Apr, 2023 01:30 PM
Hi gpg_dude,
hmm... this is rather strange. Could you send a screenshot of the 2 UI prompts you are seeing?
It might be somehow possible that GPG Keychain and the cli compete over a lock or something like that, but from your description alone I can't see that.
2 Posted by gpg_dude on 03 Apr, 2023 05:27 PM
See attached - also included the CLI prompts which I assume the UI ones are mirroring
Support Staff 3 Posted by Luke Le on 17 Apr, 2023 03:32 PM
Hi gpg_dude,
ok, so apparently our support platform just swallowed my answer to you.
The behavior you saw is in fact the result of timeout of pinentry-mac in combination with gpg-agent. Since the default for both operations is no, as seen by the capitalized letters, a timeout results in the default to be accepted presumably.
4 Posted by gpg_dude on 24 Apr, 2023 07:36 PM
Is it possible to change this behavior so the prompts generated by a CLI invocation of gpg2 are only shown in the CLI terminal vs. the CLI and the GUI? I've tried adding --pinentry-mode loopback but that just fails outright:
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: No pinentry
gpg: deleting secret subkey failed: No pinentry
gpg: 0x86AFCDFB: delete key failed: No pinentry
Support Staff 5 Posted by Luke Le on 25 Apr, 2023 08:58 PM
Yes that is possible by telling pinentry to use curses:
export PINENTRY_USER_DATA="USE_CURSES=1"
Please let us know if that worked.
Cheers
6 Posted by gpg_dude on 25 Apr, 2023 09:56 PM
That does seem to change the 3rd & 4th prompts from UI pop-ups to curses-based ones. Thanks!
Support Staff 7 Posted by Luke Le on 26 Apr, 2023 07:59 AM
Great to hear that!
Closing this discussion. Feel free to open a new one at any time should you run into problems or have questions.
Luke Le closed this discussion on 26 Apr, 2023 07:59 AM.