Mail.app - pinentry-mac - UNIX error exception: 17

Andrew

29 Mar, 2018 07:15 PM

UNIX error exception: 17

I am getting this error in Console every time I try to send a signed message, and the message never sends, even though it looks like it did. I never get prompted for a password from pinentry. I am using pinentry 0.9.4 from MacPorts. Encrypting via the Services menu works.

~/.gnupg/gpg-agent.conf:

default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /Applications/MacPorts/pinentry-mac.app/Contents/MacOS/pinentry-mac
allow-loopback-pinentry

Maybe useful?

default  15:07:51.003831 -0400   pinentry-mac    UNIX error exception: 17
default 15:07:51.009093 -0400   pinentry-mac    UNIX error exception: 17
default 15:07:51.012981 -0400   pinentry-mac    UNIX error exception: 17
default 15:07:51.016638 -0400   pinentry-mac    UNIX error exception: 17
default 15:07:51.020598 -0400   pinentry-mac    UNIX error exception: 17
default 15:07:51.025059 -0400   pinentry-mac    UNIX error exception: 17
error   15:07:51.036320 -0400   WindowServer    [ERROR] - Unknown CGXDisplayDevice: 0x41dc9d00
error   15:07:51.036815 -0400   WindowServer    [ERROR] - Unknown CGXDisplayDevice: 0x41dc9d00
error   15:07:51.041981 -0400   WindowServer    [ERROR] - Unknown CGXDisplayDevice: 0x41dc9d00
error   15:07:51.042476 -0400   WindowServer    [ERROR] - Unknown CGXDisplayDevice: 0x41dc9d00
default 15:07:51.061990 -0400   securityd   0x7fddafe419b0(0x7fddb1820b60) is unlocked; decoding for makeUnlocked()
default 15:07:51.068838 -0400   securityd   MacOS error: -67062
default 15:07:51.070885 -0400   securityd   MacOS error: -67062
default 15:07:51.072316 -0400   securityd   code requirement check failed (-67062), client is not Apple-signed
default 15:07:51.072424 -0400   securityd   MacOS error: -67062
default 15:07:51.073855 -0400   securityd   MacOS error: -67062
  1. Support Staff 1 Posted by Luke Le on 30 Mar, 2018 05:41 PM

    Hi Andrew,

    Are you generally using gnupg from MacPorts?
    In which case, could you try using our MacGPG2 and pinentry-mac?

  2. 2 Posted by Andrew on 31 Mar, 2018 06:26 AM

    I am using gnupg from MacGPG2. pinentry-mac is from MacPorts.

    $ gpg --version
    gpg (GnuPG/MacGPG2) 2.2.3
    libgcrypt 1.8.1
    Copyright (C) 2017 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: /Users/tatsh/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
    

    The only thing I can think to do is try rebooting, and I will soon, but this did work before and I am not sure if it stopped working after upgrading to High Sierra.

  3. Support Staff 3 Posted by Luke Le on 31 Mar, 2018 07:15 AM

    It sounds more like pinentry from MacPorts has some problems. Please change the pinentry-program option to point to ours, which is located in:

    /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
    

    After that, kill gpg-agent and try again.

    Hope that helps.

  4. Support Staff 4 Posted by Luke Le on 31 Mar, 2018 07:16 AM

    Also please remove the option allow-loopback-pinentry
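
The two gpg-agent.conf changes asked for in replies 3 and 4, as an added example that is not part of the original thread or GPGTools' own code. The function names are hypothetical, and `gpgconf --kill gpg-agent` is assumed as the way to stop the agent (the thread only says to kill it); the pinentry path is the one quoted in reply 3.

```shell
#!/bin/sh
# Added example: apply the gpg-agent.conf changes discussed in this thread.
# Path quoted in the thread for the MacGPG2 pinentry.
MACGPG2_PINENTRY="/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac"

# fix_agent_conf FILE [PINENTRY]   (hypothetical helper name)
# Points pinentry-program at PINENTRY, drops allow-loopback-pinentry,
# leaves every other line untouched, and keeps the old file as FILE.bak.
fix_agent_conf() {
    conf=$1
    pinentry=${2:-$MACGPG2_PINENTRY}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # A pinentry path that does not exist means no passphrase dialog at all.
    [ -x "$pinentry" ] || echo "warning: $pinentry is not executable" >&2
    tmp=$(mktemp "${TMPDIR:-/tmp}/gpg-agent.conf.XXXXXX") || return 1
    awk -v p="$pinentry" '
        $1 == "allow-loopback-pinentry" { next }       # remove the option
        $1 == "pinentry-program" {                      # repoint, keep one line
            if (!seen) { print "pinentry-program " p; seen = 1 }
            next
        }
        { print }                                       # cache TTLs, comments, ...
        END { if (!seen) print "pinentry-program " p }  # add it if it was absent
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its permissions are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return $status
}

# restart_agent (hypothetical helper name)
# Stops the running agent; the next gpg call starts it with the new config.
restart_agent() {
    gpgconf --kill gpg-agent
}
```

Run `fix_agent_conf ~/.gnupg/gpg-agent.conf && restart_agent`, then retry signing from Mail.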

  5. 5 Posted by Andrew on 31 Mar, 2018 08:06 AM

    So I updated macOS and rebooted. I set pinentry-program to the one from MacGPG2 and Mail finally showed the dialog to enter my password, but it does not give any feedback if I type the wrong password. Mail kept asking for my password then would try to send the mail but it would not send.

    I checked with gpg --sign --armor in the terminal which uses my key as the default and that asked for the password. I gave this (and tried again to ensure agent saved it) and then I went back to Mail. Mail did not prompt for a password, signed, and sent. I am not sure how I can prevent this issue in the future. Are there things I can check? I don't think running gpg --sign --armor once on every boot is very nice.

    I did not have GPG_TTY set in the terminal. Is this required?

  6. Support Staff 6 Posted by Luke Le on 06 Apr, 2018 12:54 PM

    Hi Andrew,

    Did you remove the allow-loopback-pinentry line from your gpg-agent.conf? If you didn't, please do so, kill gpg-agent and try again.
    What you are describing sounds very unfamiliar, so I believe this might still be related to your previous custom installation.

  7. 7 Posted by Andrew on 07 Apr, 2018 09:12 PM

    I removed the allow-loopback-pinentry and restarted the agent. The pinentry-mac dialog shows up when I try to send mail, I type the correct password, but the mail stays in the Drafts box. Console does not seem to show any useful information. Should I enable something to debug this?

    If I do an action in my terminal before using Mail like gpg --sign --armor -r EMAIL_ADDRESS <<< 'a', Mail sends the mail like normal.
