GPG problem with pinentry on OS X 10.12.4

[martinberger]

I'm unable to use gpg: neither from the command line nor via emacs. The issue seems to be with pinentry. Here is an example decryption that fails.

$ gpg --debug-level advanced --expert --decrypt data.gpg gpg: enabled debug flags: memstat trust extprog gpg: AES encrypted data gpg: problem with the agent: No pinentry gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key gpg: keydb: handles=0 locks=0 parse=0 get=0 gpg: build=0 update=0 insert=0 delete=0 gpg: reset=0 found=0 not=0 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=0 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: secmem usage: 0/32768 bytes in 0 blocks

If I run

 killall gpg-agent && gpg-agent --daemon --use-standard-socket --pinentry-program /usr/local/bin/pinentry

then it works again, but only until reboot. And my passwords are no longer requested on the command line, but using a weird terminal program.

Here is my configuration

$ more ~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-curses default-cache-ttl 600 max-cache-ttl 7200

$ brew config HOMEBREW_VERSION: 1.1.13 ORIGIN: https://github.com/Homebrew/brew HEAD: 46f6dc4c93b96abd528c3a0a808a5ca5a795c7f3 Last commit: 8 days ago Core tap ORIGIN: https://github.com/Homebrew/homebrew-core Core tap HEAD: c5323c551b0e097ce089e48ee2d02aded5e554a5 Core tap last commit: 84 minutes ago HOMEBREW_PREFIX: /usr/local HOMEBREW_REPOSITORY: /usr/local/Homebrew HOMEBREW_CELLAR: /usr/local/Cellar HOMEBREW_BOTTLE_DOMAIN: https://homebrew.bintray.com CPU: quad-core 64-bit haswell Homebrew Ruby: 2.0.0-p648 Clang: 8.1 build 802 Git: 2.12.2 => /usr/local/bin/git Perl: /usr/bin/perl Python: /usr/bin/python Ruby: /usr/bin/ruby => /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby Java: 1.8.0_121, 1.6.0_65-b14-468 macOS: 10.12.4-x86_64 Xcode: N/A CLT: 8.3.0.0.1.1490382677 X11: 2.7.11 => /opt/X11

$ brew doctor Please note that these warnings are just used to help the Homebrew maintainers with debugging if you file an issue. If everything you use Homebrew for is working fine: please don't worry and just ignore them. Thanks!

Warning: "config" scripts exist outside your system or Homebrew directories. ./configure scripts often look for *-config scripts to determine if software packages are installed, and what additional flags to use when compiling and linking.

Having additional scripts in your path can confuse software installed via Homebrew if the config script overrides a system or Homebrew provided script of the same name. We found the following "config" scripts: /usr/local/munki/munkiwebadmin-config

Warning: Unbrewed .pc files were found in /usr/local/lib/pkgconfig. If you didn't put them there on purpose they could cause problems when building Homebrew formulae, and may need to be deleted.

Unexpected .pc files: /usr/local/lib/pkgconfig/tk.pc

Warning: Unbrewed static libraries were found in /usr/local/lib. If you didn't put them there on purpose they could cause problems when building Homebrew formulae, and may need to be deleted.

Unexpected static libraries: /usr/local/lib/libtclstub8.6.a /usr/local/lib/libtkstub8.6.a

Warning: Broken symlinks were found. Remove them with brew prune: /usr/local/share/ghostscript/9.19/Resource/Font/logo10.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logo8.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logo9.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logobf10.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logod10.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logosl10.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logosl8.pfb /usr/local/share/ghostscript/9.19/Resource/Font/logosl9.pfb /usr/local/share/ghostscript/9.19/Resource/Font/manfnt.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy10.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy5.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy6.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy7.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy8.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasy9.pfb /usr/local/share/ghostscript/9.19/Resource/Font/wasyb10.pfb

[DomT4]

In ~/.gnupg/gpg-agent.conf change /usr/bin/pinentry-curses to /usr/local/bin/pinentry.

FWIW if you're using Homebrew's gnupg formula (now the 2.1 branch) rather than one of the versioned ones use-standard-socket is no longer required because it's the default.

[martinberger]

Thanks. That works much better. Is there a way of getting the old command-line based request for a password back, rather than this new ASCII-based 'terminal'?

On 25 April 2017 at 01:01, Dominyk Tiller notifications@github.com wrote:

In ~/.gnupg/gpg-agent.conf change /usr/bin/pinentry-curses to /usr/local/bin/pinentry.

FWIW if you're using Homebrew's gnupg formula (now the 2.1 branch) rather than one of the versioned ones use-standard-socket is no longer required because it's the default.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Homebrew/homebrew-core/issues/12816#issuecomment-296854103, or mute the thread https://github.com/notifications/unsubscribe-auth/AAYrrYiAHR6AoZqiGwwlpEBkCnIJyHukks5rzTfHgaJpZM4NF0Eq .

[cblecker]

pinentry-mac also works well (brew install pinentry-mac then change that pinentry line to /usr/local/bin/pinentry-mac)

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[herman5]

Also having this issue with the same configuration

[JCount]

Please do not comment on old closed issues