How to have gpg-agent prompt for password on tty

xpt

15 Jul, 2014 02:54 AM

Hi,

Trying everything to get gpg-agent to prompt for the password on the tty here, but no luck. Every time it just fails without asking for the password.

Here is how I debug it:

$ eval $(gpg-agent --daemon --debug-level 9 --pinentry-program /usr/bin/pinentry-curses | tee /dev/tty)
gpg-agent[8217]: enabled debug flags: command mpi crypto memory cache memstat assuan
gpg-agent[8217]: listening on socket `/tmp/gpg-49YPTS/S.gpg-agent'
gpg-agent[8219]: gpg-agent (GnuPG) 2.0.20 started
GPG_AGENT_INFO=/tmp/gpg-49YPTS/S.gpg-agent:8219:1; export GPG_AGENT_INFO;

Note that this session socket is /tmp/gpg-49YPTS/S.gpg-agent.

Here is how I test:

$ echo "test" | gpg -ase
You need a passphrase to unlock the secret key for
user: ...
4096-bit RSA key, ID 31..., created 2013-05-21

gpg-agent[8219]: handler 0x7ffc746f7f10 for fd 6 started
gpg-agent[8219]: chan_6 -> OK Pleased to meet you, process 8271
gpg-agent[8219]: chan_6 <- OPTION display=:0
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION ttyname=/dev/tty
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION ttytype=xterm
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION lc-ctype=C
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION lc-messages=C
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- GET_PASSPHRASE A7798...,+created+2013-05-21%0A
gpg-agent[8219]: DBG: agent_get_cache `A7798...'...
gpg-agent[8219]: DBG: ... miss
gpg-agent[8219]: starting a new PIN Entry
gpg-agent[8219]: chan_7 <- OK Your orders please
gpg-agent[8219]: DBG: connection to PIN entry established
gpg-agent[8219]: chan_7 -> OPTION grab
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION ttyname=/dev/tty
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION ttytype=xterm
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION lc-ctype=C
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION lc-messages=C
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION default-ok=_OK
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION default-cancel=_Cancel
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION default-prompt=PIN:
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> OPTION touch-file=/tmp/gpg-49YPTS/S.gpg-agent
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> GETINFO pid
gpg-agent[8219]: chan_7 <- D 8272
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> SETDESC You need a passphrase to unlock the secret key for user:..., created 2013-05-21%0A
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> SETPROMPT Passphrase
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> [[Confidential data not shown]]
gpg-agent[8219]: chan_7 <- [[Confidential data not shown]]
gpg-agent[8219]: chan_7 -> BYE
gpg-agent[8219]: command get_passphrase failed: Operation cancelled
gpg-agent[8219]: chan_6 -> ERR 83886179 Operation cancelled <Pinentry>
gpg: cancelled by user
gpg-agent[8219]: chan_6 <- BYE
gpg-agent[8219]: chan_6 -> OK closing connection
gpg-agent[8219]: handler 0x7ffc746f7f10 for fd 6 terminated
gpg-agent[8219]: handler 0x7ffc746f6460 for fd 6 started
gpg-agent[8219]: chan_6 -> OK Pleased to meet you, process 8271
gpg-agent[8219]: chan_6 <- OPTION display=:0
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION ttyname=/dev/tty
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION ttytype=xterm
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION lc-ctype=C
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- OPTION lc-messages=C
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_6 <- CLEAR_PASSPHRASE A77985AD72B4CA08D8C5BF79885FDAB331FED834
gpg-agent[8219]: DBG: agent_put_cache `A7798...' requested ttl=0 mode=3
gpg-agent[8219]: chan_6 -> OK
gpg: no default secret key: bad passphrase
gpg: [stdin]: sign+encrypt failed: bad passphrase
gpg-agent[8219]: chan_6 <- BYE
gpg-agent[8219]: chan_6 -> OK closing connection
gpg-agent[8219]: handler 0x7ffc746f6460 for fd 6 terminated

Note that this is in fact from session /tmp/gpg-49YPTS/S.gpg-agent. It just fails without asking for the password.

Here are all relevant info I can think of:

$ gpg --version 
gpg (GnuPG) 1.4.14

$ gpg-agent --version 
gpg-agent (GnuPG) 2.0.20
libgcrypt 1.5.0

$ ls -l /usr/bin/pinentry-curses
-rwxr-xr-x 1 root root 48128 2012-10-08 08:51 /usr/bin/pinentry-curses

$ file /usr/bin/pinentry-curses
/usr/bin/pinentry-curses: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0xb5108b633b33490056207cd0bde87a6b4ab4e2f8, stripped

$ apt-cache policy pinentry-curses
pinentry-curses:
Installed: 0.8.1-1ubuntu2
Candidate: 0.8.1-1ubuntu2
Version table:
*** 0.8.1-1ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ saucy/universe amd64 Packages
100 /var/lib/dpkg/status

$ apt-cache policy gnupg
gnupg:
Installed: 1.4.14-1ubuntu2
Candidate: 1.4.14-1ubuntu2.2
Version table:
1.4.14-1ubuntu2.2 0
500 http://us.archive.ubuntu.com/ubuntu/ saucy-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages
100 /var/lib/dpkg/status


$ apt-cache policy gnupg-agent
gnupg-agent:
Installed: 2.0.20-1ubuntu3.1
Candidate: 2.0.20-1ubuntu3.1
Version table:
*** 2.0.20-1ubuntu3.1 0
500 http://us.archive.ubuntu.com/ubuntu/ saucy-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages
100 /var/lib/dpkg/status

People all over the internet are asking the same question, without an answer.
Please help. Thanks.
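
Added example, not part of the original post: a short Python triage of the gpg-agent debug trace above. It decodes the numeric Assuan `ERR` value into its libgpg-error source and code and collects the `ttyname` forwarded to pinentry; the function names and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the debug trace in the post above.
SAMPLE_TRACE = """\
gpg-agent[8219]: chan_6 <- OPTION ttyname=/dev/tty
gpg-agent[8219]: chan_6 -> OK
gpg-agent[8219]: chan_7 -> OPTION ttyname=/dev/tty
gpg-agent[8219]: chan_7 <- OK
gpg-agent[8219]: chan_7 -> BYE
gpg-agent[8219]: chan_6 -> ERR 83886179 Operation cancelled <Pinentry>
"""

# Small subset of the libgpg-error source and code numbers.
SOURCES = {2: "GnuPG", 4: "GPG Agent", 5: "Pinentry"}
CODES = {11: "GPG_ERR_BAD_PASSPHRASE", 99: "GPG_ERR_CANCELED"}

LINE = re.compile(r"chan_(\d+) (->|<-) (\S+) ?(.*)")


def decode_err(value):
    """Split a gpg-error value: bits 24-30 are the source, low 16 bits the code."""
    source, code = (value >> 24) & 0x7F, value & 0xFFFF
    return SOURCES.get(source, f"source {source}"), CODES.get(code, f"code {code}")


def triage(trace):
    """Collect forwarded ttyname values and the decoded ERR line, if any."""
    report = {"ttynames": set(), "error": None, "findings": []}
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        _chan, _direction, verb, rest = m.groups()
        if verb == "OPTION" and rest.startswith("ttyname="):
            report["ttynames"].add(rest.split("=", 1)[1])
        elif verb == "ERR" and rest.split()[:1] and rest.split()[0].isdigit():
            report["error"] = decode_err(int(rest.split()[0]))
    if report["error"] == ("Pinentry", "GPG_ERR_CANCELED"):
        report["findings"].append("cancel was raised by the pinentry process")
    if "/dev/tty" in report["ttynames"]:
        # /dev/tty is only an alias for the caller's controlling terminal; the
        # gpg-agent manual recommends exporting GPG_TTY=$(tty) so that a
        # concrete device path is forwarded instead.
        report["findings"].append("ttyname is the /dev/tty alias; check GPG_TTY")
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```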

  1. Support Staff 1 Posted by Luke Le on 16 Jul, 2014 01:27 PM

    Hi xpt,

    if you're using gnupg on Linux, please try the people at gnupg.org
    On Mac you can set the following environment variable:

    export PINENTRY_USER_DATA="USE_CURSES=1"

    After that, you'll be presented with a curses interface on the command line.

  2. 2 Posted by Mike Tecson on 28 Aug, 2014 03:06 PM

    I'm having problems with this too. I have the following in my .bashrc:

    export GPG_TTY=$(tty)
    export PINENTRY_USER_DATA="USE_CURSES=1"

    It works fine as long as I am logged into the OS X GUI. I get a curses password prompt in Terminal.app or via a remote SSH session. However, if I'm not logged in (just connected via SSH), pinentry-mac locks up before displaying anything and I have to ^C out of it.

    Does pinentry-mac require the WindowServer? Doesn't that kind of defeat the purpose of USE_CURSES?

  3. Support Staff 3 Posted by Luke Le on 19 Sep, 2014 11:44 AM

    Hi Mike,

    it's very much possible that pinentry-mac requires the WindowServer. We've only added the USE_CURSES patch to have any sort of workaround.
    You might want to try to install pinentry (command line version) from homebrew for the time being.
    I'll create a ticket for this issue.

  4. Support Staff 4 Posted by Luke Le on 19 Sep, 2014 11:46 AM

    Under the following ticket you can track progress:
    http://gpgtools.lighthouseapp.com/projects/66001/tickets/138

  5. 5 Posted by Joe on 11 Dec, 2014 01:27 PM

    Can you guys tell me if it's possible to pass the passphrase through using Windows command prompt? And prevent the pop-up for the passphrase?

  6. Support Staff 6 Posted by Steve on 26 Jan, 2015 10:24 PM

    Hi xpt et al.,

    this should be fixed. Could you please download and install our latest nightly build and see if the problem persists. That page also has sig and SHA1 to verify the download.

    All the best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  7. Support Staff 7 Posted by Steve on 12 Feb, 2015 12:23 PM

    This fix is included in GPG Suite beta 5.

  8. Steve closed this discussion on 12 Feb, 2015 12:23 PM.
