gpg: signing failed: Bad passphrase

[codekoriko]

I'm getting the 2 notifications saying that TLSKEY then GPG entries were read.

but I'm met with the error gpg: signing failed: Bad passphrase

GPG entry is empty expect for the password field which hold the GPG password that I want Keepass do type for me when I do git commit -S

any hint?

[djherbis]

🤷 Have you tried skipping using this tool and verifying that the passphrase stored in the GPG key entry exactly matches? Otherwise I'm not sure how it would send the wrong passphrase.

[codekoriko]

yup just did it again copy/pasting the field just to be sure and it worked. may be the sending an empty string? or str encoding error.

[djherbis]

You could try editing files in here: https://github.com/djherbis/keepass-pinentry/tree/master/KeepassPinentry to log what's going on and try to debug.

Its working for me so I don't really know what's different on your machine.

[codekoriko]

what is the certificate.pem stored in STDPROXY_CERT, is it .crt + the private key?

[djherbis]

STDPROXY_CERT points to the certificate.pem which should be the public key. The private key is the one inside TLSKEY.

[codekoriko]

I noticed that if I don't but the GPG entry at the root of my keepass but rather in some folder, then the plugin read another unrelated keepass entry.

The version of keepass in your repo is 2.35 which is quite a distance from the current 2.52 (64-bit), may be that's why?

[djherbis]

Ah, yeah the code basically just does a "Search" for GPG but might might match something else first. It should probably be refined to specifically only match if the title is an exact match.

https://github.com/djherbis/keepass-pinentry/blob/6690bf65be893af21200fe115ce4c8fb90d7994b/KeepassPinentry/EntryDB.cs#L21

The version in the repo is only in there because ya need some version to build an extension, my local keepass version is much newer.