gnupg: No secret key (gpg-agent / pinentry interaction issue)

Bug #1647364 reported by Horst Schirmeier
This bug affects 2 people
Affects: pinentry (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Since migration from gnupg 1.x to 2.1.15, gpg cannot decrypt my files anymore:

$ gpg -d < foo.gpg
gpg: encrypted with 4096-bit ELG key, ID XXXXXXXXX, created XXXX-XX-XX
      "XXX <xxx>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

Increasing the gpg-agent loglevel reveals the following (note that in the whole process I was never prompted for my passphrase):

gpg-agent[11397] DBG: chan_5 -> INQUIRE PINENTRY_LAUNCHED 11477
gpg-agent[11397] DBG: chan_5 <- END
gpg-agent[11397] DBG: chan_6 -> SETKEYINFO n/XXXXXXXXXXXXXXXXX
gpg-agent[11397] DBG: chan_6 <- OK
gpg-agent[11397] DBG: chan_6 -> SETDESC Please enter the passphrase to unlock the OpenPGP secret key: ......
gpg-agent[11397] DBG: chan_6 <- OK
gpg-agent[11397] DBG: chan_6 -> SETPROMPT Passphrase:
gpg-agent[11397] DBG: chan_6 <- OK
gpg-agent[11397] DBG: chan_6 -> [[Confidential data not shown]]
gpg-agent[11397] DBG: chan_6 <- [[Confidential data not shown]]
gpg-agent[11397] DBG: error calling pinentry: Operation cancelled <Pinentry>
gpg-agent[11397] DBG: chan_6 -> BYE
gpg-agent[11397] failed to unprotect the secret key: Operation cancelled
gpg-agent[11397] failed to read the secret key
gpg-agent[11397] command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
gpg-agent[11397] DBG: chan_5 -> ERR 83886179 Operation cancelled <Pinentry>
gpg-agent[11397] DBG: chan_5 <- [eof]

This looks a lot like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839547 -- which has a fix in pinentry/0.9.7-6 but hasn't made it to Ubuntu 16.10 yet.
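
Added example (not part of the original report, and not GnuPG project code): the number on the final ERR line of the log above can be decoded to see which component raised the failure. The sketch below splits it into libgpg-error's source and code fields and reports a pinentry-sourced cancel, not a missing key; the lookup tables are a small hand-copied subset and the function names are hypothetical.

```python
import re

# Lines copied from the gpg-agent log in the report above (subset).
SAMPLE_LOG = """\
gpg-agent[11397] DBG: chan_5 -> INQUIRE PINENTRY_LAUNCHED 11477
gpg-agent[11397] DBG: error calling pinentry: Operation cancelled <Pinentry>
gpg-agent[11397] failed to unprotect the secret key: Operation cancelled
gpg-agent[11397] DBG: chan_5 -> ERR 83886179 Operation cancelled <Pinentry>
"""

# Small subset of libgpg-error's tables; unknown values are reported numerically.
SOURCES = {2: "GnuPG", 4: "GPG Agent", 5: "Pinentry"}
CODES = {11: "Bad passphrase", 17: "No secret key", 99: "Operation cancelled"}

LAUNCHED = re.compile(r"INQUIRE PINENTRY_LAUNCHED (\d+)")
ERR = re.compile(r"-> ERR (\d+)\b")


def decode_gpg_error(value):
    """Split a gpg_error_t: source in bits 24-30, code in bits 0-15."""
    return (value >> 24) & 0x7F, value & 0xFFFF


def triage(log_text):
    """Return one finding per Assuan ERR line sent back to the client."""
    pinentry_pid = None
    findings = []
    for line in log_text.splitlines():
        m = LAUNCHED.search(line)
        if m:
            pinentry_pid = int(m.group(1))  # PID the agent reported for pinentry
            continue
        m = ERR.search(line)
        if not m:
            continue
        source, code = decode_gpg_error(int(m.group(1)))
        findings.append({
            "pinentry_pid": pinentry_pid,
            "source": SOURCES.get(source, f"source {source}"),
            "code": CODES.get(code, f"code {code}"),
            # Raised by pinentry, i.e. before the key could be unprotected.
            "pinentry_failure": source == 5,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A result with source "Pinentry" points at the passphrase prompt, even though gpg's last line says "No secret key".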

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pinentry (Ubuntu):
status: New → Confirmed
Alejandro R. Mosteo (mosteo) wrote :

Same here since upgrade to 16.10, working in the command line.

I've tried installing pinentry-gnome3 1.0.0-1 from the Z release without success.

When encrypting, no default recipient is detected due to a supposed missing private key. I can still encrypt when asked for recipients in the command line, giving my ID:

$ touch x
$ gpg -e x
gpg: Oops: keyid_from_fingerprint: no pubkey
You did not specify a user ID. (you may use "-r")

Current recipients:

Enter the user ID. End with an empty line:

When decrypting I'm not asked for any keys, just getting this error:

$ gpg -d x.gpg
gpg: encrypted with 4096-bit ELG key, ID XXXXXXXXXXXXXXXX, created 2016-09-15
      (personal info removed here)
gpg: decryption failed: No secret key

Everything works normally in a Trusty schroot on the same machine, using the same .gnupg folder.

I hadn't heard about pinentry until reading this bug report, anyway. Never used it.

Alejandro R. Mosteo (mosteo) wrote :

Just to report that the bug is still present in 17.04, and still using the 16.04 jail as workaround.

Horst Schirmeier (horst) wrote :

Cannot reproduce in 17.10 anymore, seems to be fixed. Can the other commenters confirm this?
