Bug#839547: gnupg: unable to decrypt file
Hi Werner and Daniel, the upgrade to pinentry-gnome3 0.9.7-6 seems to have solved the problem. I suppose the bug entry can be marked as resolved. thanks for the help! Paul
Bug#839547: gnupg: unable to decrypt file
For the moment, I've resolved the issue by downgrading to the stable version of gnupg. I activated the stable release and modified /etc/preferences as such: Package: gnupg* Pin: release a=stable Pin-Priority: 991 I also had to replace my directory of gnupg keys with a backed up version from before the upgrade to make it work. - Paul
Bug#839547: gnupg: unable to decrypt file
Hi Daniel, > how are you running this? you said earlier this is rxvt-unicode, > but inside of what kind of graphical environment? Can do you know > how gpg-agent was started? I'm using dwm (6.1-3 amd64) > How is gpg-agent started? What happens if you kill gpg-agent and > then try the decryption command again immediately? > > gpgconf --kill gpg-agent > gpg --decrypt FILENAME gpgconf --kill gpg-agent gpg --decrypt file.gpg gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28 "Paul Rogé " gpg: public key decryption failed: Operation cancelled gpg: decryption failed: No secret key
Bug#839547: gnupg: unable to decrypt file
Hi Paul-- hope it's ok that i'm responding to the public BTS as well. i've removed your trace below. On Tue 2016-10-04 14:48:59 -0400, Paul Rogé wrote: > I'm sending you another log file (I sent Daniel one earlier). The > numbers that seem like they might be sensitive are replaced by Xs. And I > am not posting it to the bug report system in case I missed something. > This is an attempt to export my secret key using: > > $ gpg --export-secret-keys 40E25F025E23DE01 > ~/Desktop/private.key > gpg: key : error receiving > key from agent: Operation cancelled - skipped > gpg: key : error receiving > key from agent: Operation cancelled - skipped > gpg: WARNING: nothing exported how are you running this? you said earlier this is rxvt-unicode, but inside of what kind of graphical environment? Can do you know how gpg-agent was started? Let's stick with the --decrypt use case instead of the --export-secret-keys use case for now. How is gpg-agent started? What happens if you kill gpg-agent and then try the decryption command again immediately? gpgconf --kill gpg-agent gpg --decrypt FILENAME regards, --dkg
Bug#839547: gnupg: unable to decrypt file
> I have tried that with the lates development version and on my non-gnome > desktop it shows this error message: > > $ gnome3/pinentry-gnome3 > OK Pleased to meet you > getpin > > ** (pinentry-gnome3:29667): WARNING **: couldn't create prompt for > gnupg passphrase: > GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name > org.gnome.keyring.SystemPrompter was not provided by any .service > files > > May it be that you have a similar problem? Hi Werner, my version does not produce this error. I get: $ pinentry-gnome3 OK Pleased to meet you getpin D asg OK bye OK closing connection
Bug#839547: [pkg-gnupg-maint] Bug#839547: Bug#839547: gnupg: unable to decrypt file
On Sun, 2 Oct 2016 01:16, pr...@riseup.net said: > pinentry-gnome3: /usr/bin/pinentry-gnome3 I have tried that with the lates development version and on my non-gnome desktop it shows this error message: $ gnome3/pinentry-gnome3 OK Pleased to meet you getpin ** (pinentry-gnome3:29667): WARNING **: couldn't create prompt for gnupg passphrase: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter was not provided by any .service files May it be that you have a similar problem? Given that you won't stderr output when Pinentry is called by gpg-agent, I added some debug code to Pinentry. In case it fails at this place, the debug-pinentry gpg-agent.conf file setting will now produce this error: S ERROR gnome3.gcr_prompt 83886195 GDBus.Error:org.freedesktop.DBus.\ Error.ServiceUnknown: The name org.gnome.keyring.SystemPrompter \ was not provided by any .service files ERR 83886195 Configuration error Note that the final error message will be "configuration error". The changes are in the Pinentry repo but we had no more release in the last 9 months - thus porting this patch won't be easy. I will do a new release as soon as we have sorted out your problem. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgp5zU1JU8XY6.pgp Description: PGP signature
Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file
Hi Paul-- On Sat 2016-10-01 16:16:39 -0700, Paul Rogé wrote: > >> dpkg -l 'pinentry-*' > > pinentry-gnome3 0.9.7-5 amd64 > pinentry-gtk2 0.9.7-5 amd64 > >> dpkg -S $(readlink -f $(which pinentry)) > > pinentry-gnome3: /usr/bin/pinentry-gnome3 > >> are you running this from a graphical environment (e.g. in an Xterm or >> something), from a virtual terminal, or somewhere else? >> > I am running this from a graphical environment (rxvt-unicode [9.22-1+b1 > amd64]), but the same problem occurs from the console. > >> If you do have pinentry installed, does it show you a prompt if you run >> it directly? > > This is what I get following your instructions: > > OK Pleased to meet you > getpin > D asd > OK > bye > OK closing connection great, this all sounds reasonable and correct, so pinentry is *not* the problem here. the next step for debugging might be to see what's going on with your gpg-agent, which is where the secret key gets used. Please try increasing the logging in gpg-agent and seeing if there's a clue in there. You can do this by adding the following lines to ~/.gnupg/gpg-agent.conf (note that you should replace the "1000" below with whatever your user id number is): debug-level advanced debug-pinentry log-file /run/user/1000/gpg-agent.log and then restarting the agent with this command: gpg-connect-agent reloadagent /bye Then retry the decryption operation: gpg --decrypt file.gpg and see what ends up in that log. Feel free to send it to me privately if you aren't sure if there's anything troubling in it, or to redact any parts you don't want public (e.g. replace any string of arbitrary-looking hexadecimal with XXX) and send it to this bug report. Thanks for bearing with this debugging process! --dkg signature.asc Description: PGP signature
Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file
Hi Daniel, > dpkg -l 'pinentry-*' pinentry-gnome3 0.9.7-5 amd64 pinentry-gtk2 0.9.7-5 amd64 > dpkg -S $(readlink -f $(which pinentry)) pinentry-gnome3: /usr/bin/pinentry-gnome3 > are you running this from a graphical environment (e.g. in an Xterm or > something), from a virtual terminal, or somewhere else? > I am running this from a graphical environment (rxvt-unicode [9.22-1+b1 amd64]), but the same problem occurs from the console. > If you do have pinentry installed, does it show you a prompt if you run > it directly? This is what I get following your instructions: OK Pleased to meet you getpin D asd OK bye OK closing connection
Bug#839547: [pkg-gnupg-maint] Bug#839547: gnupg: unable to decrypt file
Hi Paul-- On Sat 2016-10-01 13:33:20 -0700, Paul Roge wrote: > After updated gnupg, I am unable to decrypt files with "gpg --decrypt > [file].gpg". The following error is generated: > >> gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28 >> "Paul Rogé " >> gpg: public key decryption failed: Operation cancelled >> gpg: decryption failed: No secret key > > I have checked that a secret key exists by "gpg --edit-key 3A2B8EB7865452A1", > which states: > >> Secret key is available. >> >> sec rsa2048/40E25F025E23DE01 >> created: 2014-02-28 expires: 2017-03-14 usage: SC >> trust: ultimate validity: ultimate >> ssb rsa2048/3A2B8EB7865452A1 >> created: 2014-02-28 expires: 2017-03-14 usage: E >> [ultimate] (1). Paul Rogé >> [ultimate] (2) Paul Rogé >> [ultimate] (3) Paul Rogé >> [ultimate] (4) Paul Rogé > > I also ran the script "/usr/bin/migrate-pubring-from-classic-gpg --default", > but the same problem persists. Thanks for the report! it sounds like maybe the problem is with pinentry, which is what gpg-agent uses to get permission for use of the secret key -- what version of pinentry do you have installed? dpkg -l 'pinentry-*' dpkg -S $(readlink -f $(which pinentry)) are you running this from a graphical environment (e.g. in an Xterm or something), from a virtual terminal, or somewhere else? If you do have pinentry installed, does it show you a prompt if you run it directly? If you run it directly (as "pinentry") it should print out "OK pleased to meet you". at that point, you can type "getpin" and hit enter, and it should prompt you for a passphrase. enter a dummy passphrase into whatever dialog you get, and then pinentry should write it (prefixed with "D ") and then will write "OK". after that "OK", you can type "bye" to terminate. does that work for you? --dkg signature.asc Description: PGP signature
Bug#839547: gnupg: unable to decrypt file
Package: gnupg Version: 2.1.15-3 Severity: normal Dear Maintainer, After updated gnupg, I am unable to decrypt files with "gpg --decrypt [file].gpg". The following error is generated: > gpg: encrypted with 2048-bit RSA key, ID 3A2B8EB7865452A1, created 2014-02-28 > "Paul Rogé " > gpg: public key decryption failed: Operation cancelled > gpg: decryption failed: No secret key I have checked that a secret key exists by "gpg --edit-key 3A2B8EB7865452A1", which states: > Secret key is available. > > sec rsa2048/40E25F025E23DE01 > created: 2014-02-28 expires: 2017-03-14 usage: SC > trust: ultimate validity: ultimate > ssb rsa2048/3A2B8EB7865452A1 > created: 2014-02-28 expires: 2017-03-14 usage: E > [ultimate] (1). Paul Rogé > [ultimate] (2) Paul Rogé > [ultimate] (3) Paul Rogé > [ultimate] (4) Paul Rogé I also ran the script "/usr/bin/migrate-pubring-from-classic-gpg --default", but the same problem persists. Thanks, Paul -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gnupg depends on: ii gnupg-agent2.1.15-3 ii libassuan0 2.4.3-1 ii libbz2-1.0 1.0.6-8 ii libc6 2.24-3 ii libgcrypt201.7.3-1 ii libgpg-error0 1.24-1 ii libksba8 1.3.5-2 ii libreadline6 6.3-8+b4 ii libsqlite3-0 3.14.2-1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages gnupg recommends: ii dirmngr 2.1.15-3 ii gnupg-l10n 2.1.15-3 Versions of packages gnupg suggests: pn parcimonie pn xloadimage -- no debconf information