Re: pinentry problems

2018-04-19 Thread Paul H. Hentze

On 18.04.2018 22:09, Daniel Kahn Gillmor wrote:
> can you explain the pinentry problem you're seeing?  I'm afraid the bad
> ownership of your files was distracting from any other problems you were
> reporting.
>
> One simple way to test pinentry (without gpg or gpg-agent in the mix)
> is:
>
>  echo getpin | pinentry
>
> that should show you a dialog box that prompts you for a password.  you
> can put in whatever you like, and it should be emitted on the console
> where you ran the above command.
>
>   --dkg

Okay. I tried your echo and that was fine.
I just copy what I wrote in the emails before, cause this is still the
same problem:

> I tried gpg --gen-key and got even more
>
>>  gpg: agent_genkey failed: Kein Pinentry
>> Key generation failed: Kein Pinentry
> I went back to the enigmail Troubleshooting advice above under 'How to
> fix it' and tried further, so
>
> 1. is good
> 2. is good, I made this symlink thing, didn't help
> 3. is good, in my case it's
> pinentry-program /usr/bin/pinentry-qt4
> 4. is good, the gnupg versions are matching
> 5. I don't need this one, because 4 was good, they say
> 6. here is where I get
> ERR 67108949 Kein Pinentry 
> 7. when I use the normal user and type in
> killall gpg-agent
>  gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
> I get
>
>> gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
>> gpg-agent[9469]: WARNING: "--use-standard-socket" is an obsolete option - it has no effect
>> gpg-agent[9469]: enabled debug flags: cache ipc
>> gpg-agent[9469]: DBG: chan_4 <- OK Pleased to meet you, process 9469
>> gpg-agent[9469]: DBG: chan_4 -> BYE
>> gpg-agent: a gpg-agent is already running - not starting a new one
>> gpg-agent: secmem usage: 0/65536 bytes in 0 blocks
> I tried it without all unnecessary code above:
> gpg-agent --debug-level expert /bin/sh
> and I get
>
>> gpg-agent[9477]: enabled debug flags: cache ipc
>> gpg-agent[9477]: DBG: chan_3 <- OK Pleased to meet you, process 9477
>> gpg-agent[9477]: gpg-agent running and available
>> gpg-agent[9477]: DBG: chan_3 -> BYE
>> gpg-agent[9477]: secmem usage: 0/65536 bytes in 0 blocks
> So this debugging doesn't work somehow and there is no other terminal
> window which opens as they say.
> It doesn't work in root either.

So basically, I can activate pinentry, the echo command Daniel sent and
the other one from the enigmail site worked well. All graphical windows
are opening when I force it remotely via terminal, BUT I always get this
strange problem that I can't generate keys and I can't decrypt mails.

I didn't attach the graphical message I always get when I want to open an
encrypted message, cause it's too big for this list.
It says "GnuPG can't ask for your passphrase with Pinentry.
This is a failure of the system installation or a configuration mistake,
this is why enigmail doesn't work.
This problem can't be solved automatically."


This is the problem I am still stuck with.

Paul

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
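The replies discussed in the message above (`echo getpin | pinentry` and the `ERR 67108949` line) are Assuan protocol lines. As an added example that is not part of the thread, the following reads such lines, unescapes `D` data and splits the `ERR` number into the libgpg-error source (bits 24 to 30) and code (low 16 bits); `parse_assuan` is a hypothetical name and the transcript is constructed except for the ERR line quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read Assuan reply lines on stdin.
parse_assuan() {
    awk '
    function hex(c) { return index("0123456789ABCDEF", toupper(c)) - 1 }
    # Assuan percent-escapes CR, LF and "%" in D lines as %0D, %0A, %25.
    function unescape(s,    out, n) {
        out = ""
        while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            n = hex(substr(s, RSTART + 1, 1)) * 16 + hex(substr(s, RSTART + 2, 1))
            out = out substr(s, 1, RSTART - 1) sprintf("%c", n)
            s = substr(s, RSTART + 3)
        }
        return out s
    }
    BEGIN {
        # Subset of libgpg-error constants, enough for this thread.
        src[2] = "gpg"; src[4] = "gpg-agent"; src[5] = "pinentry"
        err[85] = "GPG_ERR_NO_PIN_ENTRY"; err[99] = "GPG_ERR_CANCELED"
    }
    $1 == "D"   { print "data: " unescape(substr($0, 3)) }
    $1 == "ERR" {
        s = int($2 / 16777216) % 128      # bits 24..30: error source
        c = $2 % 65536                    # bits 0..15: error code
        printf "error: source=%d(%s) code=%d(%s)\n", s, (s in src) ? src[s] : "?", c, (c in err) ? err[c] : "?"
    }
    $1 == "OK"  { ok++ }
    END { print "ok-lines: " ok + 0 }'
}

# Constructed transcript plus the ERR line quoted in the thread.
printf '%s\n' 'OK Pleased to meet you' 'D s3cret%25pass' 'OK' \
    'ERR 67108949 Kein Pinentry' | parse_assuan
```

For the line in this thread the source field decodes to gpg-agent, which is consistent with the stand-alone pinentry test succeeding while the agent still reports that it has no pinentry. A `D` line carries the entered passphrase in clear text, so such transcripts should not be pasted into bug reports.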


Re: pinentry problems

2018-04-17 Thread Paul H. Hentze


On 17.04.2018 22:50, Kristian Fiskerstrand wrote:
> On 04/17/2018 10:48 PM, Paul H. Hentze wrote:
>>
>>
>> On 17.04.2018 17:48, Daniel Kahn Gillmor wrote:
>>> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote:
>>>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote:
>>>>> Actually those commands
>>>>>> find ~/.gnupg -type d -exec chown 0700 '{}' ';'
>>>>>> find ~/.gnupg -type f -exec chown 0600 '{}' ';'
>>>>> didn't work.
>>>>> The terminal responded: "chown: The owner of data XXX is going to be
>>>>> changed. This is not allowed." and it did that with every file in that
>>>>> folder.
>>>>
>>>> Seems like a mixup of chmod and chown there, although make sure the user
>>>> is correct as well.
>>>
>>> yep, sorry, that should have been "chmod", not "chown" -- my mistake!
>>>
>>>  --dkg
>>>
>> Ok, it did work with the chmod command.
>> Have you got any further ideas?
> 
> remember to restart gpg-agent after doing that, gpgconf --kill gpg-agent
> 
> 
I did. This works fine as I assess that.
Now I'm still stuck with the pinentry problem.



Re: pinentry problems

2018-04-17 Thread Paul H. Hentze


On 17.04.2018 17:48, Daniel Kahn Gillmor wrote:
> On Tue 2018-04-17 11:11:22 +0200, Kristian Fiskerstrand wrote:
>> On 04/17/2018 10:52 AM, Paul H. Hentze wrote:
>>> Actually those commands
>>>> find ~/.gnupg -type d -exec chown 0700 '{}' ';'
>>>> find ~/.gnupg -type f -exec chown 0600 '{}' ';'
>>> didn't work.
>>> The terminal responded: "chown: The owner of data XXX is going to be
>>> changed. This is not allowed." and it did that with every file in that
>>> folder.
>>
>> Seems like a mixup of chmod and chown there, although make sure the user
>> is correct as well.
> 
> yep, sorry, that should have been "chmod", not "chown" -- my mistake!
> 
>  --dkg
> 
Ok, it did work with the chmod command.
Have you got any further ideas?

Paul



Re: pinentry problems

2018-04-17 Thread Paul H. Hentze


On 17.04.2018 00:49, Daniel Kahn Gillmor wrote:
> On Tue 2018-04-17 00:04:11 +0200, Paul H. Hentze wrote:
>>> gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'
>>
>> So I fixed that with
>>
>>> chown -R "$USER:$(id -gn)" ~/.gnupg
>>> chmod 700 ~/.gnupg
>>> chmod 600 ~/.gnupg/*
>>
>> from here: https://superuser.com/a/954639
> 
> this doesn't look right to me.
> 
> in particular, it's going to remove the "execute/traverse" permission on
> ~/.gnupg/private-keys-v1.d/, which means that gpg-agent isn't going to
> be able to get a list of all available secret keys.
> 
> Probably, you want to do the following (as your normal user account):
> 
> find ~/.gnupg -type d -exec chown 0700 '{}' ';'
> find ~/.gnupg -type f -exec chown 0600 '{}' ';'
> 
> if you do that, then you should be able to see some files whose names
> end in ".key" in ~/.gnupg/private-keys-v1.d/, like so:
> 
> ls -l ~/.gnupg/private-keys-v1.d/*.key
> 
> if that's the case, then i recommend you ask your running gpg-agent to
> shut down because it's probably confused:
> 
> gpgconf --kill gpg-agent
> 
> a new gpg-agent should start up again afterward as soon as you need it.
> you can also try to see which secret keys are available like this:
> 
> gpg --with-keygrip --list-secret-keys
> 
> You should see that the keygrips listed match the files found in the
> "ls" output above.
> 
> If that doesn't work for you, please report back and we'll try to debug
> further :)
> 
> --dkg
> 

Actually those commands
> find ~/.gnupg -type d -exec chown 0700 '{}' ';'
> find ~/.gnupg -type f -exec chown 0600 '{}' ';'

didn't work.
The terminal responded: "chown: The owner of data XXX is going to be
changed. This is not allowed." and it did that with every file in that
folder.

The rest of the commands are fine and I see the secret keys and the
matching keygrips.

Paul
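
The permission problem discussed in this message, as an added example that is not part of the thread: a blanket `chmod 600 ~/.gnupg/*` also strips the search bit from `private-keys-v1.d`, while the per-type `find` commands (with `chmod`, as corrected later in the thread) restore directories to 0700 and files to 0600. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List entries whose mode or owner differs from what gpg expects:
# directories 0700, regular files 0600, everything owned by the caller.
# Errors are discarded because a directory without the x bit cannot be
# searched by its owner; the directory itself is still reported.
audit_gnupg_home() {
    find "$1" -type d ! -perm 700 2>/dev/null | sed 's/^/bad-dir   /'
    find "$1" -type f ! -perm 600 2>/dev/null | sed 's/^/bad-file  /'
    find "$1" ! -user "$(id -u)" 2>/dev/null | sed 's/^/bad-owner /'
}

# Directories first, one chmod per entry (';' rather than '+'), so each
# directory is searchable again before find descends into it.
fix_gnupg_home() {
    find "$1" -type d -exec chmod 700 '{}' ';' &&
    find "$1" -type f -exec chmod 600 '{}' ';'
}

# Constructed layout in a temp dir: reproduce "chmod 600 ~/.gnupg/*",
# then show the audit before and after the repair.
demo_gnupg_perms() {
    home=$(mktemp -d) || return 1
    mkdir -p "$home/private-keys-v1.d"
    : > "$home/private-keys-v1.d/CONSTRUCTED.key"
    : > "$home/pubring.kbx"
    chmod 700 "$home"
    chmod 600 "$home"/*     # also strips x from private-keys-v1.d
    echo "after chmod 600 on everything:"; audit_gnupg_home "$home"
    fix_gnupg_home "$home"
    echo "after repair:"; audit_gnupg_home "$home"
    rm -rf "$home"
}

demo_gnupg_perms
```

Run `audit_gnupg_home ~/.gnupg` before changing anything; sockets such as the agent socket are neither regular files nor directories and are left alone by both functions.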



pinentry problems

2018-04-16 Thread Paul H. Hentze

Hey folks,

I'm kinda stuck here with a problem with pinentry and could use some help.
I described the whole problem in detail here:
https://sourceforge.net/p/enigmail/forum/support/thread/eedabe49/

For all who don't like links, I will copy it down below.
Patrick Brunschwig already asked some questions and I tried some more
stuff, which is all documented under the link above, but nothing helped.

Has anybody any idea what to do?

Best wishes


Paul





- - - - - - - - - - - - - - -

Hi folks,

I'm having some problems with GPG right now and hope you can help me.
Debian 9, Thunderbird 52.7.0 (64-bit), Enigmail 2.0.2, GnuPG 2.1.18

I had a harddrive crash recently and had to set up the whole system from
scratch. Because I couldn't do it properly I saved the .gnupg folder and
now copied the whole thing to my new system at the same place. Since
then, I can't use mail encryption.
I started with the faq page:
https://www.enigmail.net/index.php/en/faq?view=topic=14#faqLink_2
Under 'How to analyze' I tried debugging and get
> parseErrorOutputWith: status message:
> gpg: WARNING: unsafe permissions on homedir '/home/giraffenhorde/.gnupg'

So I fixed that with

> chown -R "$USER:$(id -gn)" ~/.gnupg
> chmod 700 ~/.gnupg
> chmod 600 ~/.gnupg/*

from here: https://superuser.com/a/954639


Now my secret keys are all gone.
gpg --list-secret-keys gives no output and in enigmail this doesn't work
either.
When I want to put them in enigmail again, the system can't see them.

I tried gpg --gen-key and got even more

>  gpg: agent_genkey failed: Kein Pinentry
> Key generation failed: Kein Pinentry

I went back to the enigmail Troubleshooting advice above under 'How to
fix it' and tried further, so

1. is good
2. is good, I made this symlink thing, didn't help
3. is good, in my case it's
pinentry-program /usr/bin/pinentry-qt4
4. is good, the gnupg versions are matching
5. I don't need this one, because 4 was good they say
6. here is where I get
ERR 67108949 Kein Pinentry 
7. when I type in
killall gpg-agent
 gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
I get

> gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
> gpg-agent[9469]: WARNING: "--use-standard-socket" is an obsolete option - it has no effect
> gpg-agent[9469]: enabled debug flags: cache ipc
> gpg-agent[9469]: DBG: chan_4 <- OK Pleased to meet you, process 9469
> gpg-agent[9469]: DBG: chan_4 -> BYE
> gpg-agent: a gpg-agent is already running - not starting a new one
> gpg-agent: secmem usage: 0/65536 bytes in 0 blocks

I tried it without all unnecessary code above:
gpg-agent --debug-level expert /bin/sh
and I get

> gpg-agent[9477]: enabled debug flags: cache ipc
> gpg-agent[9477]: DBG: chan_3 <- OK Pleased to meet you, process 9477
> gpg-agent[9477]: gpg-agent running and available
> gpg-agent[9477]: DBG: chan_3 -> BYE
> gpg-agent[9477]: secmem usage: 0/65536 bytes in 0 blocks

So this debugging doesn't work somehow and there is no other terminal
window which opens as they say.

Have you got any idea what to do?
I could really use some help. Thanks in advance.



test

2018-04-16 Thread Paul H. Hentze

test
