[gentoo-user] gnupg fails to decrypt on kmail

[gentoo-user] gnupg fails to decrypt on kmail

[Mick]

Yesterday I updated my system and after a series of:

 revdep-rebuild --library libjpeg.so.7

and

 revdep-rebuild -v -i
 
I thought all was good to go.  Unfortunately, I now noticed that I cannot open 
encrypted messages anymore and signing mail fails.  This points towards gnupg 
which I remerged along with all packages I thought might me relevant.  I 
haven't yet remerged openssl (will try that in a minute) but I am not sure 
that will help.  It's not just smime but also openpgp that fails.

Has anyone else noticed this and have you found any fixes for it?
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> Yesterday I updated my system and after a series of:
> 
>  revdep-rebuild --library libjpeg.so.7
> 
> and
> 
>  revdep-rebuild -v -i
>  
> I thought all was good to go.  Unfortunately, I now noticed that I cannot open 
> encrypted messages anymore and signing mail fails.  This points towards gnupg 
> which I remerged along with all packages I thought might me relevant.  I 
> haven't yet remerged openssl (will try that in a minute) but I am not sure 
> that will help.  It's not just smime but also openpgp that fails.
> 
> Has anyone else noticed this and have you found any fixes for it?

Just a random guess: maybe revdep-rebuild updated to a new version and
configuration files changed? Did you look at the elogs of whatever you
re-emerged yesterday?

Cheers, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > Yesterday I updated my system and after a series of:
> >
> >  revdep-rebuild --library libjpeg.so.7
> >
> > and
> >
> >  revdep-rebuild -v -i
> >
> > I thought all was good to go.  Unfortunately, I now noticed that I cannot
> > open encrypted messages anymore and signing mail fails.  This points
> > towards gnupg which I remerged along with all packages I thought might me
> > relevant.  I haven't yet remerged openssl (will try that in a minute) but
> > I am not sure that will help.  It's not just smime but also openpgp that
> > fails.
> >
> > Has anyone else noticed this and have you found any fixes for it?
> 
> Just a random guess: maybe revdep-rebuild updated to a new version and
> configuration files changed? Did you look at the elogs of whatever you
> re-emerged yesterday?

Yes and I ran dispatch-conf for a couple of changes.  However, nothing that I 
recall was related to encryption:

     Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
     Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
     Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
     Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
     Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1

Anything else I could look into?
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
> On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > > Yesterday I updated my system and after a series of:
> > >
> > >  revdep-rebuild --library libjpeg.so.7
> > >
> > > and
> > >
> > >  revdep-rebuild -v -i
> > >
> > > I thought all was good to go.  Unfortunately, I now noticed that I cannot
> > > open encrypted messages anymore and signing mail fails.  This points
> > > towards gnupg which I remerged along with all packages I thought might me
> > > relevant.  I haven't yet remerged openssl (will try that in a minute) but
> > > I am not sure that will help.  It's not just smime but also openpgp that
> > > fails.
> > >
> > > Has anyone else noticed this and have you found any fixes for it?
> > 
> > Just a random guess: maybe revdep-rebuild updated to a new version and
> > configuration files changed? Did you look at the elogs of whatever you
> > re-emerged yesterday?
> 
> Yes and I ran dispatch-conf for a couple of changes.  However, nothing that I 
> recall was related to encryption:
> 
>      Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
>      Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
>      Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
>      Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
>      Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
> 
> Anything else I could look into?

Then I am kind of out of ideas. You mentioned that you remerged gnupg:
was there any warnings or logs at the end of the merge? (If you have
it enabled, the logs maybe stored in /var/log/portage/elog/)

You say that smime and openpgp fails, do you have the error message?
It may help other people who know more about this to answer your
question.

Cheers, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

On Sunday 21 February 2010 17:01:13 Willie Wong wrote:
> On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
> > On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
> > > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
> > > > Yesterday I updated my system and after a series of:
> > > >
> > > >  revdep-rebuild --library libjpeg.so.7
> > > >
> > > > and
> > > >
> > > >  revdep-rebuild -v -i
> > > >
> > > > I thought all was good to go.  Unfortunately, I now noticed that I
> > > > cannot open encrypted messages anymore and signing mail fails.  This
> > > > points towards gnupg which I remerged along with all packages I
> > > > thought might me relevant.  I haven't yet remerged openssl (will try
> > > > that in a minute) but I am not sure that will help.  It's not just
> > > > smime but also openpgp that fails.
> > > >
> > > > Has anyone else noticed this and have you found any fixes for it?
> > >
> > > Just a random guess: maybe revdep-rebuild updated to a new version and
> > > configuration files changed? Did you look at the elogs of whatever you
> > > re-emerged yesterday?
> >
> > Yes and I ran dispatch-conf for a couple of changes.  However, nothing
> > that I recall was related to encryption:
> >
> >      Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
> >      Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
> >      Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
> >      Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
> >      Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
> >
> > Anything else I could look into?
> 
> Then I am kind of out of ideas. You mentioned that you remerged gnupg:
> was there any warnings or logs at the end of the merge? (If you have
> it enabled, the logs maybe stored in /var/log/portage/elog/)
> 
> You say that smime and openpgp fails, do you have the error message?
> It may help other people who know more about this to answer your
> question.

Thanks again for your help.  The problem seems to be with pinentry when gpg is 
invoked manually:

gpg: problem with the agent: No pinentry

and then as a consequence:

gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

However, I have remerged pinentry.  :-(

Initially, I thought this was related to updating media-libs/jpeg-8 and 
library libjpeg.so.7, but it seems that it may be related to qt3 becoming 
deprecated?  Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in 
its USE flags and try with that?

Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates.  Perhaps I 
was cought up in some major update bonanza and that's why this broke.  I'll 
finish the update and see how it goes.
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

On 22 February 2010 06:49, Mick <michaelkintzios@gmail.com> wrote:
> On Sunday 21 February 2010 17:01:13 Willie Wong wrote:
>> On Sun, Feb 21, 2010 at 03:32:00PM +0000, Mick wrote:
>> > On Sunday 21 February 2010 15:08:28 Willie Wong wrote:
>> > > On Sun, Feb 21, 2010 at 02:50:09PM +0000, Mick wrote:
>> > > > Yesterday I updated my system and after a series of:
>> > > >
>> > > >  revdep-rebuild --library libjpeg.so.7
>> > > >
>> > > > and
>> > > >
>> > > >  revdep-rebuild -v -i
>> > > >
>> > > > I thought all was good to go.  Unfortunately, I now noticed that I
>> > > > cannot open encrypted messages anymore and signing mail fails.  This
>> > > > points towards gnupg which I remerged along with all packages I
>> > > > thought might me relevant.  I haven't yet remerged openssl (will try
>> > > > that in a minute) but I am not sure that will help.  It's not just
>> > > > smime but also openpgp that fails.
>> > > >
>> > > > Has anyone else noticed this and have you found any fixes for it?
>> > >
>> > > Just a random guess: maybe revdep-rebuild updated to a new version and
>> > > configuration files changed? Did you look at the elogs of whatever you
>> > > re-emerged yesterday?
>> >
>> > Yes and I ran dispatch-conf for a couple of changes.  However, nothing
>> > that I recall was related to encryption:
>> >
>> >      Sat Feb 20 08:05:50 2010 >>> media-libs/jpeg-8
>> >      Sat Feb 20 08:20:29 2010 >>> media-sound/phonon-4.3.80-r1
>> >      Sat Feb 20 08:36:37 2010 >>> media-libs/tiff-3.9.2
>> >      Sat Feb 20 08:39:24 2010 >>> media-libs/libquicktime-1.1.3
>> >      Sat Feb 20 08:42:15 2010 >>> media-libs/gd-2.0.35-r1
>> >
>> > Anything else I could look into?
>>
>> Then I am kind of out of ideas. You mentioned that you remerged gnupg:
>> was there any warnings or logs at the end of the merge? (If you have
>> it enabled, the logs maybe stored in /var/log/portage/elog/)
>>
>> You say that smime and openpgp fails, do you have the error message?
>> It may help other people who know more about this to answer your
>> question.
>
> Thanks again for your help.  The problem seems to be with pinentry when gpg is
> invoked manually:
>
> gpg: problem with the agent: No pinentry
>
> and then as a consequence:
>
> gpg: public key decryption failed: General error
> gpg: decryption failed: No secret key
>
> However, I have remerged pinentry.  :-(
>
> Initially, I thought this was related to updating media-libs/jpeg-8 and
> library libjpeg.so.7, but it seems that it may be related to qt3 becoming
> deprecated?  Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in
> its USE flags and try with that?
>
> Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates.  Perhaps I
> was cought up in some major update bonanza and that's why this broke.  I'll
> finish the update and see how it goes.

This is rather debilitating ... I have now update pinentry to 0.7.6
and I still have the same problem.  :-(

I may have to restore my system from a back up just to access my
encrypted data, which is something I'd rather not have to do after a
mammoth kde update.

The elog of pinentry shows this, but I am not sure I understand what
it means, or if it is related to my problem.

======================================

>>> Messages generated by process 10763 on 2010-02-24 07:01:34 GMT for package a
pp-crypt/pinentry-0.7.6:

LOG: postinst
We no longer install pinentry-curses and pinentry-qt SUID root by default.
Linux kernels >=2.6.9 support memory locking for unprivileged processes.
The soft resource limit for memory locking specifies the limit an
unprivileged process may lock into memory. You can also use POSIX
capabilities to allow pinentry to lock memory. To do so activate the caps
USE flag and add the CAP_IPC_LOCK capability to the permitted set of
your users.
======================================

Since invoking gpg on the CLI does not ask for a passphrase and it returns:

  gpg: problem with the agent: No pinentry

I assume that the problem is with pinentry.  Is there some other
application involved here that I should look into?
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Wed, Feb 24, 2010 at 11:31:34AM +0000, Mick wrote:
> Since invoking gpg on the CLI does not ask for a passphrase and it returns:
> 
>   gpg: problem with the agent: No pinentry
> 
> I assume that the problem is with pinentry.  Is there some other
> application involved here that I should look into?

pinentry is the standalone package to asks for the passphrase for gpg. 
Try up'ing the verbosity on gpg? E.g. run `gpg -vv' on your CLI and
post full output (modulo anything sensitive, of course)?

(Also, a stupid question: at any point did you rebuild gpg? Did you
restart the gpg-agent afterwards?)

Cheers, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Wed, Feb 24, 2010 at 11:31:34AM +0000, Mick wrote:
> Since invoking gpg on the CLI does not ask for a passphrase and it returns:
> 
>   gpg: problem with the agent: No pinentry
> 
> I assume that the problem is with pinentry.  Is there some other
> application involved here that I should look into?

Hum, also, try getting some debug output from gpg-agent: 

(1) 'killall gpg-agent'   (and run ps aux to see if they are really
killed)
(2) Restart gpg-agent via 

 eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file ~/gpg-agent.log' 
(3) Run gpg. 

Look at the content of ~/gpg-agent.log to see if anything is amiss. 

HTH, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

On Wednesday 24 February 2010 15:03:06 Willie Wong wrote:

> Hum, also, try getting some debug output from gpg-agent:
> 
> (1) 'killall gpg-agent'   (and run ps aux to see if they are really
> killed)
> (2) Restart gpg-agent via
> 
>  eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file
>  ~/gpg-agent.log' (3) Run gpg.
> 
> Look at the content of ~/gpg-agent.log to see if anything is amiss.

Thank you very much for persevering with me!  :-)

I changed your eval argument a bit and this is what I noticed:

eval "$(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-
agent.log)"
gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat 
hashing assuan

The log file shows:
================================================
2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg-
IX4A40/S.gpg-agent'
2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started
2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown
2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped
2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0 
polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks
================================================

However, when I invoke gpg it looks for another socket ... different to the 
one that the agent is listening on.
================================================
$ gpg -vv DATA/some_data.ods.gpg
gpg: using character set `iso-8859-1'
gpg: enabled debug flags: memstat
:pubkey enc packet: version 3, algo 16, keyid <ZZZZZZZZZZZ>
        data: [2048 bits]
        data: [2045 bits]
gpg: public key is XXXXXXXX
gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY

You need a passphrase to unlock the secret key for
user: "me <me@gmail.com>"
gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
2048-bit ELG key, ID XXXXXXXX, created 2010-01-25 (main key ID YYYYYYYY)

can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory
gpg: can't connect to the agent - trying fall back
can't connect to `/home/michael/.gnupg/S.gpg-agent': No such file or directory
gpg: no running gpg-agent - starting one
gpg-agent[7265]: enabled debug flags: assuan
can't connect to `/home/michael/.gnupg/log-socket': Connection refused
gpg: problem with the agent: No pinentry
:encrypted data packet:
        length: 22577
        mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID XXXXXXXX, created 2010-01-25
      "me <me@gmail.com>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
================================================

Why is this?  Invoking gpg to decrypt different (encrypted) files always 
brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'.  Shouldn't it be a 
different socket each time?

Another thing that shows something has gone south is that pinentry no longer 
asks for a passphrase as shown above.  Also, when I encrypt a file it still 
does not ask for my passphrase - it just encrypts the file!
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Wed, Feb 24, 2010 at 10:51:38PM +0000, Mick wrote:
> eval "$(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-
> agent.log)"
> gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat 
> hashing assuan
> 
> The log file shows:
> ================================================
> 2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg-
> IX4A40/S.gpg-agent'
> 2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started
> 2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown
> 2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped
> 2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0 
> polls=0/0 added=0/0
>               outmix=0 getlvl1=0/0 getlvl2=0/0
> 2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks
> ================================================
> 
> However, when I invoke gpg it looks for another socket ... different to the 
> one that the agent is listening on.
> ================================================
> $ gpg -vv DATA/some_data.ods.gpg
> gpg: using character set `iso-8859-1'
> gpg: enabled debug flags: memstat
> :pubkey enc packet: version 3, algo 16, keyid <ZZZZZZZZZZZ>
>         data: [2048 bits]
>         data: [2045 bits]
> gpg: public key is XXXXXXXX
> gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
> 
> You need a passphrase to unlock the secret key for
> user: "me <me@gmail.com>"
> gpg: using subkey XXXXXXXX instead of primary key YYYYYYYY
> 2048-bit ELG key, ID XXXXXXXX, created 2010-01-25 (main key ID YYYYYYYY)
> 
> can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory
> gpg: can't connect to the agent - trying fall back
<snip>
> ================================================
> 
> Why is this?  Invoking gpg to decrypt different (encrypted) files always 
> brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'.  Shouldn't it be a 
> different socket each time?

Ack, let's do this one step at a time then. First let's try to figure
out the problem with the gpg-agent. 

This time, run the command from gpg-agent, not inside a eval
statement. Just by itself on the commandline. 

It should spit out the environmental variable GPG_AGENT_INFO.
Copy the content of that variable (so copy the whole thing
GPG_AGENT_INFO="......." )
In a new prompt, first paste the variable, then type gpg -vv *file*

So it should be

GPG_AGENT_INFO="......" gpg -vv DATA/filename.ogg

Quick explanation: gpg finds out where the agent is by looking at the
environmental variable GPG_AGENT_INFO. We want to try to make sure it
is in fact looking at that variable. Take a look at the man pages for
gpg-agent and gpg for more information.

Now look at the output again to see if it is still connecting to the
"wrong" socket. 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

On Thursday 25 February 2010 00:09:17 Willie Wong wrote:
> On Wed, Feb 24, 2010 at 10:51:38PM +0000, Mick wrote:

> > Why is this?  Invoking gpg to decrypt different (encrypted) files always
> > brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'.  Shouldn't it be a
> > different socket each time?

I noticed that this morning (after a reboot) it was looking for a different 
socket ...

> Ack, let's do this one step at a time then. First let's try to figure
> out the problem with the gpg-agent.
[snip...]

> In a new prompt, first paste the variable, then type gpg -vv *file*

============================================
$ gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-agent.log
gpg-agent[6740]: enabled debug flags: command mpi crypto memory cache memstat 
hashing assuan
GPG_AGENT_INFO=/tmp/gpg-5Tgf3a/S.gpg-agent:6741:1; export GPG_AGENT_INFO;
============================================

This is now what the log shows:
============================================
2010-02-25 06:45:53 gpg-agent[6740] listening on socket 
`/tmp/gpg-5Tgf3a/S.gpg-agent'
2010-02-25 06:45:53 gpg-agent[6741] gpg-agent (GnuPG) 2.0.14 started
2010-02-25 06:48:32 gpg-agent[6741] handler 0x98caa38 for fd 7 started
gpg-agent[6741.7] DBG: -> OK Pleased to meet you
gpg-agent[6741.7] DBG: <- RESET
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION ttyname=/dev/pts/3
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION ttytype=rxvt
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION display=:0.0
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION lc-ctype=C
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION lc-messages=C
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- OPTION allow-pinentry-notify
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg-agent[6741.7] DBG: -> OK
gpg-agent[6741.7] DBG: <- GET_PASSPHRASE --data --repeat=0 -- 
A7029FW0V2G567G225FST52689GV822Rf230gkw8F X X 
Please+enter+the+passphrase+to+unlock+the+secret+key+
for+the+OpenPGP+certificate:%0A%22me+<me@gmail.com>%22%0A2048-bit+ELG+key,
+ID+XXXXXXXX,%0Acreated+2010-01-25+(main+key+ID+YYYYYYY).%0A
2010-02-25 06:48:32 gpg-agent[6741] DBG: agent_get_cache 
`A7029FW0V2G567G225FST52689GV822Rf230gkw8F'...
2010-02-25 06:48:32 gpg-agent[6741] DBG: ... miss
2010-02-25 06:48:32 gpg-agent[6741] starting a new PIN Entry
gpg-agent[6741]: can't connect server: `ERR 67109133 can't exec 
`/usr/bin/pinentry-qt': No such file or directory'
2010-02-25 06:48:32 gpg-agent[6741] can't connect to the PIN entry module: IPC 
connect call failed
2010-02-25 06:48:32 gpg-agent[6741] command get_passphrase failed: No pinentry
gpg-agent[6741.7] DBG: -> ERR 67108949 No pinentry <GPG Agent>
gpg-agent[6741.7] DBG: <- [EOF]
2010-02-25 06:48:32 gpg-agent[6741] handler 0x98caa38 for fd 7 terminated
============================================

Why is it trying to call /usr/bin/pinentry-qt?!  

   `ERR 67109133 can't exec `/usr/bin/pinentry-qt'

Is this a valid binary these days, or an older qt3 version?  I think it should 
be /usr/bin/pinentry:

$ ls -la /usr/bin/pinentry
lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry -> pinentry-qt4

Please note that the: "Please+enter+the+passphrase+to+unlock+the+secret+key" 
does not show up on the screen even when I use the gpg -vv option.
-- 
Regards,
Mick

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Thu, Feb 25, 2010 at 07:01:12AM +0000, Mick wrote:
> 2010-02-25 06:48:32 gpg-agent[6741] starting a new PIN Entry
> gpg-agent[6741]: can't connect server: `ERR 67109133 can't exec 
> `/usr/bin/pinentry-qt': No such file or directory'
> 2010-02-25 06:48:32 gpg-agent[6741] can't connect to the PIN entry module: IPC 
> connect call failed

<snip>

> Why is it trying to call /usr/bin/pinentry-qt?!  
> 
>    `ERR 67109133 can't exec `/usr/bin/pinentry-qt'
> 
> Is this a valid binary these days, or an older qt3 version?  I think it should 
> be /usr/bin/pinentry:
> 
> $ ls -la /usr/bin/pinentry
> lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry -> pinentry-qt4

Looks like you found your problem. I am not absolutely sure why
pinentry-qt is the default now. The man page says that running
'gpg-agent --version' will tell you what the default pinentry program
it calls is, and that depends on installation. So maybe file a bug? I
don't know whether this is a configuration/USE issue or something
hardcoded in the distribution. 

In any case, two work-arounds are available:
  *) create a symlink of pinentry-qt to your actual pinentry binary.
  *) start gpg-agent with the '--pinentry-program' option. 

Cheers, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Mick]

[-- Attachment #1: Type: Text/Plain, Size: 1650 bytes --]

On Thursday 25 February 2010 11:18:54 Willie Wong wrote:
> On Thu, Feb 25, 2010 at 07:01:12AM +0000, Mick wrote:

> > Why is it trying to call /usr/bin/pinentry-qt?!
> >
> >    `ERR 67109133 can't exec `/usr/bin/pinentry-qt'
> >
> > Is this a valid binary these days, or an older qt3 version?  I think it
> > should be /usr/bin/pinentry:
> >
> > $ ls -la /usr/bin/pinentry
> > lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry -> pinentry-qt4
> 
> Looks like you found your problem. I am not absolutely sure why
> pinentry-qt is the default now. The man page says that running
> 'gpg-agent --version' will tell you what the default pinentry program
> it calls is, and that depends on installation. 

Hmm ... I saw that but I can't see the pinentry in there:

$ gpg-agent --version
gpg-agent (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

> So maybe file a bug? I
> don't know whether this is a configuration/USE issue or something
> hardcoded in the distribution.

I will file a bug, but I am not entirely sure what I should file it under, so 
that it does not get rejected:

gpg-agent which is calling pinentry-qt?

app-crypt/pinentry, because it's done away with my previous pinentry-qt 
symlink to the pinentry binary?

qt3 to qt4 move (in case this is linked to qt3 becoming deprecated)?

Thank you so much for holding my hand on this!  :-)
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] gnupg fails to decrypt on kmail

[Willie Wong]

On Thu, Feb 25, 2010 at 08:45:27PM +0000, Mick wrote:
> > So maybe file a bug? I
> > don't know whether this is a configuration/USE issue or something
> > hardcoded in the distribution.
> 
> I will file a bug, but I am not entirely sure what I should file it under, so 
> that it does not get rejected:
> 
> gpg-agent which is calling pinentry-qt?

I'd file it against gpg-agent and hope that if it is something related
to the qt3-qt4 transition, one of the bug-wranglers will cc the qt
team. I'd probably also file it as either minor or enhancement, since
technically the man page does warn you about it. 

Normally I would ask around the list first to see if anyone can
reproduce your problem before filing a bug. But since I've practically
the only one answering your mail on this issue.... Let's hope that it
is either reproducible or that the bug wranglers can find out a
trivial reason why it isn't. 

Cheers, 

W

-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton