Re: Unable to sign or decrypt with card

Philip Jackson Mon, 11 Sep 2017 10:01:12 -0700

On 10/09/17 16:52, Werner Koch wrote:
> On Sat,  9 Sep 2017 14:54, philip.jack...@nordnet.fr said:
> 
>> Suggestions as to how to check and correct this situation would be
>> appreciated.
> 
> Newer versions of gpg should print a better error message; at least with
> -v.  I guess that your pinentry is not installed or can't be used.


I don't think the pinentry is a problem. When I launch the command to
decrypt a document, the pinentry dialog box opens, I enter the pin and
click ok and the operation promptly fails.

> Do you have the option "pinentry-program" in your gpg-agent.conf ?  Then
> check that it is really there.

I looked in gpg-agent.conf and found that I had commented out the
pinentry-program line back around March 2015 when I was trying to move
from gpg 2.0.22 to 2.0.26 and I was getting two pinentry dialog boxes
when trying to decrypt emails in enigmail. Commenting out the line in
gpg-agent.conf solved this problem at the time and the file has remained
like this ever since.

However, just to check, I uncommented it (and pinentry-gtk-2 is
installed on the machine) :

pinentry-program /usr/bin/pinentry-gtk-2

and tried again to decrypt the document.  The only difference was that
this time the pinentry dialog box carried the name of 'pinentry-gtk-2'
instead of being anonymous. But the operation failed just the same.

> 
> Is the environment variable GPG_TTY set as describen in the manual?

GPG_TTY=/dev/pts/6

Which doesn't mean much to me, I'm afraid.

> Do you get a prompt when calling "pinentry"?  If so, does it show up a
> window after entering "getpin"?

Yes, pinentry gives 'OK Pleased to meet you' and a prompt. Then entering
getpin produces the pinentry box in which I enter the pin and the next
line is
D zzzzzz  (where zzzzzz is the pin I entered) followed by
OK

> 
> More information about gpg-agent an pinentry interaction can be seen by
> putting
> 
> --8<---------------cut here---------------start------------->8---
> log-file /somewhere/gpg-agent.log
> verbose
> debug ipc
> debug-pinentry
> --8<---------------cut here---------------end--------------->8---
> 
> into gpg-agent.conf and restarting gpg-agent ("pkill gpg-agent" or
> "gpgconf --kill gpg-agent").

OK, I added this to gpg-agent.conf and I now have a log file of a single
attempt to decrypt a sample file with command :

gpg2 -v -o encrypt-decrypt -d encrypt_test.gpg

This produced the pinentry dialog into which I put my pin and the
operation promptly failed with this on the screen :

# off=0 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 79D467BFF5DF6C91
        data: [2048 bits]
gpg: public key is 0x79D467BFF5DF6C91
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key
0x26BD500A23543A63
# off=271 ctb=d2 tag=18 hlen=2 plen=0 partial new-ctb
:encrypted data packet:
        length: unknown
        mdc_method: 2
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key
0x26BD500A23543A63
gpg: encrypted with 2048-bit RSA key, ID 0x79D467BFF5DF6C91, created
2014-10-28
      "Philip Jackson (Jan 2013 +) <philip.jack...@nordnet.fr>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

I have the log file which I attach.

It shows  a number of reports of the same error  (lines 89,91,97,99,101)
ERR 83886254 Unknown option <PINentry>, before it asks me for the pin
(line 111). It says 'confidential data not shown' three times but I only
entered the pin once.

Can you determine anything from this ?

Regards,
Philip

2017-09-11 18:10:21 gpg-agent[8971] listening on socket '/home/pnj/.gnupg/S.gpg-agent'
2017-09-11 18:10:21 gpg-agent[8971] listening on socket '/home/pnj/.gnupg/S.gpg-agent.ssh'
2017-09-11 18:10:21 gpg-agent[8972] gpg-agent (GnuPG) 2.1.11 started
2017-09-11 18:10:22 gpg-agent[8972] handler 0x7f4d7704e700 for fd 6 started
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK Pleased to meet you, process 8969
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- RESET
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION ttyname=/dev/pts/2
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION ttytype=xterm
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION display=:0.0
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION xauthority=/home/pnj/.Xauthority
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION putenv=XMODIFIERS=@im=none
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION putenv=GTK_IM_MODULE=xim
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-zLr7i70F2W
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION lc-ctype=en_GB.UTF-8
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION lc-messages=en_GB.UTF-8
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- GETINFO version
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> D 2.1.11
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION allow-pinentry-notify
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- OPTION agent-awareness=2.1.0
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- AGENT_ID
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> ERR 67109139 Unknown IPC command <GPG Agent>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- HAVEKEY 0F3368A8683B640E2C7C7A1CEFE9372811C02E75
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- HAVEKEY B89811929A718661BF18EA9C1AD7D925412E1A1B 2EF997CC38758AD52242A52EF4706753095138FC 859BD53F4A294CBD229655F7948D9A8A112D50BE 0F3368A8683B640E2C7C7A1CEFE9372811C02E75
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- HAVEKEY 0F3368A8683B640E2C7C7A1CEFE9372811C02E75
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- RESET
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- SETKEY 0F3368A8683B640E2C7C7A1CEFE9372811C02E75
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Philip+Jackson+(Jan+2013+%2B)+<philip.jack...@nordnet.fr>%22%0A2048-bit+RSA+key,+ID+0x79D467BFF5DF6C91,%0Acreated+2014-10-28+(main+key+ID+0x26BD500A23543A63).%0A
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- PKDECRYPT
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> S INQUIRE_MAXLEN 4096
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> INQUIRE CIPHERTEXT
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- [ 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 33 3a 72 ...(272 byte(s) skipped) ]
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- END
2017-09-11 18:10:22 gpg-agent[8972] no running SCdaemon - starting it
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK GNU Privacy Guard's Smartcard server ready
2017-09-11 18:10:22 gpg-agent[8972] DBG: first connection to SCdaemon established
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> GETINFO socket_name
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- D /home/pnj/.gnupg/S.scdaemon
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: additional connections at '/home/pnj/.gnupg/S.scdaemon'
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> OPTION event-signal=12
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> SERIALNO
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- S SERIALNO D2760001240102000005000028700000 0
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: detected card with S/N D2760001240102000005000028700000
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> SETDATA 00841F2F3CBDB9EDC908BF2B2F64C73144C98C687BC866063500A974431F6FC4CC1A01750EE73DC802F7C47F6451EE4C1CF7FF2A4866CA7B55FFF5E724F80BCEA9DA4DC6E2A406077AD25C8EB5D8AC0B51ED2113E18BFA485C5C2E393D7E4F9EFFCE7A2D0720F607094513A49CC8114EBE3639035E8F8880019A312527A9220C240434945FE15582D9694F1FFC64954EBEEBC6F9CCE777B646F08CA798DE06C7F727DB805215D64B2E8D5FC41D1487AEF62743D4BB833ED402C7DFF2CF5173BABFF8E61B3528C5E542EB390B5D9DF8C96E8CA0755437958FACF2FAAA4093901E3267D080CB76E06AD7B5195F4DE5D4DFF0954F87FEF15CFDE08135DD4CB4CA386E
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 -> PKDECRYPT OPENPGP.2
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_7 <- INQUIRE NEEDPIN ||Please enter the PIN
2017-09-11 18:10:22 gpg-agent[8972] starting a new PIN Entry
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK Pleased to meet you, process 8972
2017-09-11 18:10:22 gpg-agent[8972] DBG: connection to PIN entry established
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION grab
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION ttyname=/dev/pts/2
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION ttytype=xterm
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION lc-ctype=en_GB.UTF-8
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION lc-messages=en_GB.UTF-8
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION allow-external-password-cache
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-ok=_OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-cancel=_Cancel
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-yes=_Yes
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- ERR 83886254 Unknown option <PINentry>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-no=_No
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- ERR 83886254 Unknown option <PINentry>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-prompt=PIN:
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-pwmngr=_Save in password manager
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- ERR 83886254 Unknown option <PINentry>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-tt-visi=Make passphrase visible
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- ERR 83886254 Unknown option <PINentry>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION default-tt-hide=Hide passphrase
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- ERR 83886254 Unknown option <PINentry>
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> OPTION touch-file=/home/pnj/.gnupg/S.gpg-agent
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> GETINFO pid
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- D 8976
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 -> INQUIRE PINENTRY_LAUNCHED 8976
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_6 <- END
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETKEYINFO --clear
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETDESC Please enter the PIN
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> SETPROMPT PIN
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 <- OK
2017-09-11 18:10:22 gpg-agent[8972] DBG: chan_8 -> [[Confidential data not shown]]
2017-09-11 18:10:23 gpg-agent[8972] SIGUSR2 received - updating card event counter
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not shown]]
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 <- [[Confidential data not shown]]
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_8 -> BYE
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> [ 44 20 36 38 34 39 38 30 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> END
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663395 Operation cancelled <SCD>
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> CAN
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- ERR 100663571 Unknown IPC command <SCD>
2017-09-11 18:10:30 gpg-agent[8972] smartcard decryption failed: Operation cancelled
2017-09-11 18:10:30 gpg-agent[8972] command 'PKDECRYPT' failed: Operation cancelled <SCD>
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_6 -> ERR 100663395 Operation cancelled <SCD>
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_6 <- [eof]
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 -> RESTART
2017-09-11 18:10:30 gpg-agent[8972] DBG: chan_7 <- OK
2017-09-11 18:10:30 gpg-agent[8972] handler 0x7f4d7704e700 for fd 6 terminated

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Unable to sign or decrypt with card

Reply via email to