jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0

No `SETKEYINFO` provided by `gpg-agent` #17

Open AuHau opened 2 years ago

AuHau commented 2 years ago

Describe the bug

I have been trying to set up pinentry-touchid the whole day. First I ran into the problem of the pinentry symlink using pinentry-curses, which I fixed by forcing the symlink to use pinentry-touchid, but that still has not resolved the issue. It was obvious that gpg-agent uses pinentry-touchid, but between gpg-agent restarts no Touch ID prompt showed up and instead pinentry-mac was always shown.

I used a custom build from the latest master, adding some more logging to see what is going on, and discovered that the main function GetPin() is not invoked thanks to the condition https://github.com/jorgelbg/pinentry-touchid/blob/3ebb30fcabe3916fe0dc776ac0b555d8983545f3/main.go#L208 where I have discovered that no KeyInfo is passed.

Looking at the gpg-agent.log I noticed that gpg-agent sends: SETKEYINFO --clear, which might be the issue, yet I have no clue why that is. I have even been digging in the source code of gpg-agent itself, and this happens only if the cache mode is in ignore mode. I am not sure how that is set; one case is when gpg-agent's flag ignore-cache-for-signing is enabled, which I don't have (see below in Configuration), or if !ctrl->server_local->use_cache_for_signing, which I don't know how to verify.

Some pointers in gpg-agent code:

If anybody has some pointers then I would be very happy, but now I have spent way too long on this, so I am putting it on ice and maybe returning to it sometime later.

System information

macOS

GPG

Configuration

gpg-agent:

$ gpg-agent --gpgconf-list
gpg-agent[88475]: enabled debug flags: mpi crypto memory cache memstat hashing ipc
gpg-agent[88475]: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg-agent[88475]: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg-agent[88475]: secmem usage: 0/32768 bytes in 0 blocks
debug-level:16:"none:
default-cache-ttl:16:600:
default-cache-ttl-ssh:16:1800:
max-cache-ttl:16:7200:
max-cache-ttl-ssh:16:7200:
min-passphrase-len:16:8:
min-passphrase-nonalpha:16:1:
check-passphrase-pattern:16:
check-sym-passphrase-pattern:16:
max-passphrase-days:16:0:
ssh-fingerprint-digest:16:"sha256:
$ gpgconf
gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.3_1/bin/gpg
gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.3_1/bin/gpgsm
keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.3_1/libexec/keyboxd
gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.3_1/bin/gpg-agent
scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.3_1/libexec/scdaemon
dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.3_1/bin/dirmngr
pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry

Logs

gpg-agent:

2021-12-30 18:43:04 gpg-agent[83616] listening on socket '/Users/adam/.gnupg/S.gpg-agent'
2021-12-30 18:43:04 gpg-agent[83616] listening on socket '/Users/adam/.gnupg/S.gpg-agent.extra'
2021-12-30 18:43:04 gpg-agent[83616] listening on socket '/Users/adam/.gnupg/S.gpg-agent.browser'
2021-12-30 18:43:04 gpg-agent[83616] listening on socket '/Users/adam/.gnupg/S.gpg-agent.ssh'
2021-12-30 18:43:04 gpg-agent[83617] gpg-agent (GnuPG) 2.3.3 started
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK Pleased to meet you, process 83615
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- RESET
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- OPTION ttytype=xterm-256color
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- GETINFO version
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> D 2.3.3
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- OPTION allow-pinentry-notify
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SCD SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] no running /opt/homebrew/Cellar/gnupg/2.3.3_1/libexec/scdaemon daemon - starting it
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK GNU Privacy Guard's Smartcard server ready
2021-12-30 18:43:04 gpg-agent[83617] first connection to daemon /opt/homebrew/Cellar/gnupg/2.3.3_1/libexec/scdaemon established
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETINFO socket_name
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- D /Users/adam/.gnupg/S.scdaemon
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: additional connections at '/Users/adam/.gnupg/S.scdaemon'
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> OPTION event-signal=31
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SCD SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] SIGUSR2 received - updating card event counter
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SCD GETATTR KEY-FPR
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETATTR KEY-FPR
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEY-FPR 1 EA3C2C2034B196194C10DC081D17A9E81F76155B
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEY-FPR 1 EA3C2C2034B196194C10DC081D17A9E81F76155B
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEY-FPR 2 734DFF91532DE1CF3B0F263F98CC64154DD31AAD
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEY-FPR 2 734DFF91532DE1CF3B0F263F98CC64154DD31AAD
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEY-FPR 3 B43793807EE335D308A45766F0D3C75EE7FC9DE7
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEY-FPR 3 B43793807EE335D308A45766F0D3C75EE7FC9DE7
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- READKEY --card --no-data -- $SIGNKEYID
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETATTR SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETATTR $SIGNKEYID
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S $SIGNKEYID OPENPGP.1
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> READKEY -- OPENPGP.1
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(554 byte(s) skipped) ]
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- READKEY --card --no-data -- $ENCRKEYID
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETATTR SERIALNO
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> GETATTR $ENCRKEYID
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S $ENCRKEYID OPENPGP.2
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> READKEY -- OPENPGP.2
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(552 byte(s) skipped) ]
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO 7A98B54F7AF5896A1C7D77A98728BD9C03F1E374
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> KEYINFO --list
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115 T D2760001240100000006163835350000 OPENPGP.1
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEYINFO BF19A7ED2BC1F76B40DCDCEEFA00973731139FF6 T D2760001240100000006163835350000 OPENPGP.2
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEYINFO B62091485C283939115550D8E71449A5845FFF7F T D2760001240100000006163835350000 OPENPGP.3
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> ERR 67108891 Not found <GPG Agent>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO 917685F020531A9B27B0520C21F7355FCFE56A6C
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> ERR 67108891 Not found <GPG Agent>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO 5A50BD15E71E9202511CA4FDED8D124ACD1A98DF
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> ERR 67108891 Not found <GPG Agent>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO B01772F781C80DC733FF18953A8AD350BDC06B38
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEYINFO B01772F781C80DC733FF18953A8AD350BDC06B38 T D2760001240100000006077988180000 OPENPGP.3 - - - - -
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- HAVEKEY --list=1000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> [ 44 20 bf 19 a7 ed 2b c1 f7 6b 40 dc dc ee fa 00 ...(132 byte(s) skipped) ]
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO 917685F020531A9B27B0520C21F7355FCFE56A6C
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> ERR 67108891 Not found <GPG Agent>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO 8D102F6474372F1B81B0F641E01184800E45E712
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> ERR 67108891 Not found <GPG Agent>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115 T D2760001240100000006163835350000 OPENPGP.1 - - - - A
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> S KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115 T D2760001240100000006163835350000 OPENPGP.1 - - - - A
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- RESET
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SIGKEY A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22...
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- SETHASH 10 03D1EAF118C87C9CA260D562C972FDC73E8D44315A21E576A78F0C0CE2D20098E1686DC544001300CC1452ADCEA5E994A52416C3BF4E6CB14EE160C5320C4870
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- PKSIGN
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> SERIALNO --all
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S SERIALNO D2760001240100000006163835350000
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- S KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115 T D2760001240100000006163835350000 OPENPGP.1
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> SETDATA 3051300D06096086480165030402030500044003D1EAF118C87C9CA260D562C972FDC73E8D44315A21E576A78F0C0CE2D20098E1686DC544001300CC1452ADCEA5E994A52416C3BF4E6CB14EE160C5320C4870
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 -> PKSIGN --hash=sha512 A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_9 <- [ 49 4e 51 55 49 52 45 20 4e 45 45 44 50 49 4e 20 ...(88 byte(s) skipped) ]
2021-12-30 18:43:04 gpg-agent[83617] starting a new PIN Entry
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK Hi from pinentry-touchid!
2021-12-30 18:43:04 gpg-agent[83617] DBG: connection to PIN entry established
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION no-grab
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION ttytype=xterm-256color
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION allow-external-password-cache
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-ok=_OK
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-cancel=_Cancel
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-yes=_Yes
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-no=_No
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-prompt=PIN:
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-pwmngr=_Save in password manager
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-tt-visi=Make passphrase visible
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-tt-hide=Hide passphrase
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION default-capshint=Caps Lock is on
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION touch-file=/Users/adam/.gnupg/S.gpg-agent
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> OPTION owner=83615/501 MacyTwo.local
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> GETINFO flavor
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- ERR 251658515 unknown IPC command <assuan>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> GETINFO version
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- ERR 251658515 unknown IPC command <assuan>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> GETINFO ttyinfo
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- ERR 251658515 unknown IPC command <assuan>
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> GETINFO pid
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- ERR 251658515 unknown IPC command <assuan>
2021-12-30 18:43:04 gpg-agent[83617] You may want to update to a newer pinentry
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> SETKEYINFO --clear
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> SETDESC Please unlock the card%0A%0ANumber: 16 383 535%0AHolder: Adam Uhlir%0ACounter: 114
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> SETPROMPT PIN
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK 
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> [[Confidential data not shown]]
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_10 <- [[Confidential data not shown]]
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_10 <- [[Confidential data not shown]]
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_10 -> BYE
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_9 -> [ 44 20 6d 30 6e 44 21 6b 33 6c 26 00 00 00 00 00 ...(76 byte(s) skipped) ]
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_9 -> END
2021-12-30 18:43:10 gpg-agent[83617] DBG: chan_9 <- S PINCACHE_PUT 0/openpgp/1 E8C978EA60984183A2C8B7E698BB1C9014341346245A9170
2021-12-30 18:43:10 gpg-agent[83617] DBG: handle_pincache_put: caching '0/openpgp/1'->'E8C978EA60984183A2C8B7E698BB1C9014341346245A9170'
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_9 <- [ 44 20 49 d9 b5 94 46 82 57 0f 32 90 b3 5e 9a d2 ...(502 byte(s) skipped) ]
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_9 <- OK
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_8 -> [ 44 20 28 37 3a 73 69 67 2d 76 61 6c 28 33 3a 72 ...(529 byte(s) skipped) ]
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_8 -> OK
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_8 <- [eof]
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_9 -> RESTART
2021-12-30 18:43:13 gpg-agent[83617] DBG: chan_9 <- OK

pinentry-touchid:

2021/12/30 18:43:04 main.go:109: Ready!
2021/12/30 18:43:04 main.go:213: Not meeting criteria to use pinentry-touchid, falling back to pinentry-mac
2021/12/30 18:43:04 main.go:214: len(s.Error): 0, len(s.RepeatPrompt): 0, s.Opts.AllowExtPasswdCache: true, len(s.KeyInfo): 0

jorgelbg commented 2 years ago

Interesting, in this case it seems that pinentry-touchid (or rather go-assuan/pinentry) is behaving as expected (partially): if --clear is passed by the agent, the KeyInfo is cleared.

But, TBH, I'm not sure what would be a better scenario here, because KeyInfo is needed/used to store the pin/passphrase in the keychain 🤔. We could decide to ignore the --clear flag, but I'm not sure if that is wise because it would go against the default expected behaviour.
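
A log check for the symptom discussed in this thread, added here as an example (not code from pinentry-touchid or gpg-agent): it scans a gpg-agent debug log for `SETKEYINFO` commands sent on pinentry channels and flags the `--clear` case. The function and type names are hypothetical, and the last three sample lines, including the `n/<identifier>` argument with its placeholder value, are constructed for contrast.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Lines 1-4: copied from the issue's log. Lines 5-7: constructed (placeholder key id).
const sampleLog = `2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_8 <- KEYINFO A633F40D9DF82B626C5F7DAF1E277641E937F115
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 <- OK Hi from pinentry-touchid!
2021-12-30 18:43:04 gpg-agent[83617] DBG: connection to PIN entry established
2021-12-30 18:43:04 gpg-agent[83617] DBG: chan_10 -> SETKEYINFO --clear
2000-01-01 00:00:00 gpg-agent[1] DBG: chan_12 <- OK Hi from pinentry-touchid!
2000-01-01 00:00:00 gpg-agent[1] DBG: connection to PIN entry established
2000-01-01 00:00:00 gpg-agent[1] DBG: chan_12 -> SETKEYINFO n/0123456789ABCDEF0123456789ABCDEF01234567
`

// Finding is one SETKEYINFO command that gpg-agent sent to a pinentry.
type Finding struct {
	Channel, Arg string // e.g. "chan_10"; "--clear" or "<mode>/<identifier>"
	Cleared      bool   // true: the pinentry received no key identifier
}

var dbgLine = regexp.MustCompile(`DBG: (chan_\d+) (->|<-) (.*)$`)

// ScanSetKeyInfo returns each SETKEYINFO sent ("->") on a logged pinentry channel.
func ScanSetKeyInfo(log string) []Finding {
	var out []Finding
	pinentry, last := map[string]bool{}, "" // pinentry channels; channel of latest DBG line
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if strings.Contains(line, "connection to PIN entry established") {
			pinentry[last] = true // the greeting just before came from the pinentry
			continue
		}
		m := dbgLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		last = m[1]
		if m[2] == "->" && pinentry[last] && strings.HasPrefix(m[3], "SETKEYINFO ") {
			arg := strings.TrimSpace(strings.TrimPrefix(m[3], "SETKEYINFO "))
			out = append(out, Finding{Channel: last, Arg: arg, Cleared: arg == "--clear"})
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", ScanSetKeyInfo(sampleLog))
}
```

A `Cleared` finding corresponds to the `len(s.KeyInfo): 0` value in the pinentry-touchid log above.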