jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0

gpg: [stdin]: clear-sign failed: No pinentry #19

Closed SunsetYe66 closed 2 years ago

SunsetYe66 commented 2 years ago

Describe the bug

I have freshly installed pinentry-touchid from Homebrew. The configuration didn't work well. I would appreciate it if you could locate what the problem is.

I tried: `pinentry-touchid` returns: `OK Hi from pinentry-touchid!`

When the pinentry program is set to pinentry-mac, running `echo "test" | gpg -vvv --clearsign` returns:

```
❯ echo "test" | gpg -vvv --clearsign
gpg: using character set 'utf-8'
gpg: Note: RFC4880bis features are enabled.
gpg: no running gpg-agent - starting '/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to the agent established
gpg: using pgp trust model
gpg: writing to stdout
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: pinentry launched (61958 mac 1.1.1 - xterm-256color /private/tmp/com.apple.launchd.N7eC4KL1mw/org.xquartz:0 - 501/20 0)
gpg: RSA/SHA256 signature from: "??? SunsetYe66"
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCAAdFiEE3HGm3LzMJDi5MmgVmWNPzt9VFbcFAmHnokQACgkQmWNPzt9V
Fbc8rgwAsyhMRA3gk+KZtNkhND5++ag8cLMkfSW5xFEYScNMp5EHPATM5aagTbhG
ZS2DvBKOhWoo2oLZR7C1Kt5TOU4u92rgrjppBs5273Map27KQYKF0bYlo/5+mBzf
DGd9ffdvhmcm/IMReyV5ABSPTDUNPi2He9CVzpT5gxTYceHe39aiR5Ij+7e5cy3j
ZHtihlGJULSj8AaV6VuyCJO3vef1/4DVkjHKjy8pZR66IrcBin4dBMeQ1RkIPmkA
hqqziORwY7c7zhQRB7qDp/l3xP76WgKwMFFQ3vkufl+GPr/+e0GT778EUaUxRxvr
A0CVCibgFQWQSE2/CVSrRkgPzdwfDOzQ3Dy8T+RS6eISHi3eVv2BUQjWipM+7U8u
8QyZOsR0zE+9T/8rPTJGmkC6zlVCEnebxMjfWxY30sKVIezSxhtkeCcmArqxKuVr
58guXJB4fFHZ+D2spKVmodmWzubfNzN/vItbfxozPjSibraj5NEeNFCphXLMBbmX
EUwQ0zcj
=xfL3
-----END PGP SIGNATURE-----
```

But if set to pinentry-touchid, it fails:

```
gpg: using character set 'utf-8'
gpg: Note: RFC4880bis features are enabled.
gpg: using pgp trust model
gpg: writing to stdout
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: signing failed: No pinentry
gpg: [stdin]: clear-sign failed: No pinentry
```

System information

macOS

GPG

gpg (GnuPG) 2.3.4
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/shawn.ye/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Configuration

gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg
gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpgsm
keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.4/libexec/keyboxd
gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg-agent
scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon
dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.4/bin/dirmngr
pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry

Logs

gpg-agent:

```
❯ cat .gnupg/gpg-agent.log
2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent'
2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.extra'
2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.browser'
2022-01-19 13:26:38 gpg-agent[61089] listening on socket '/Users/shawn.ye/.gnupg/S.gpg-agent.ssh'
2022-01-19 13:26:38 gpg-agent[61090] gpg-agent (GnuPG) 2.3.4 started
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK Pleased to meet you, process 61088
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- RESET
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION ttytype=xterm-256color
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION display=/private/tmp/com.apple.launchd.N7eC4KL1mw/org.xquartz:0
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- GETINFO version
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> D 2.3.4
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION allow-pinentry-notify
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SCD SERIALNO
2022-01-19 13:26:38 gpg-agent[61090] no running /opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon daemon - starting it
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK GNU Privacy Guard's Smartcard server ready
2022-01-19 13:26:38 gpg-agent[61090] first connection to daemon /opt/homebrew/Cellar/gnupg/2.3.4/libexec/scdaemon established
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> GETINFO socket_name
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- D /Users/shawn.ye/.gnupg/S.scdaemon
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: additional connections at '/Users/shawn.ye/.gnupg/S.scdaemon'
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> OPTION event-signal=31
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> SERIALNO
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- ERR 100696144 Operation not supported by device
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> ERR 100696144 Operation not supported by device
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- HAVEKEY --list=1000
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> KEYINFO --list
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> [ 44 20 f2 34 bd d3 f8 cd a8 7e 28 3d 88 e8 f5 c8 ...(28 byte(s) skipped) ]
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- KEYINFO ???
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> KEYINFO --list
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> S KEYINFO ??? - - - P - - -
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- RESET
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SIGKEY ???
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22SunsetYe66+%22%0A3072-bit+RSA+key,+ID+???,%0Acreated+2021-12-07.%0A
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- SETHASH 8 ???
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> OK
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- PKSIGN
2022-01-19 13:26:38 gpg-agent[61090] starting a new PIN Entry
2022-01-19 13:26:38 gpg-agent[61090] can't connect to the PIN entry module '/opt/homebrew/bin/pinentry-touchid': End of file
2022-01-19 13:26:38 gpg-agent[61090] DBG: error calling pinentry: No pinentry
2022-01-19 13:26:38 gpg-agent[61090] failed to unprotect the secret key: No pinentry
2022-01-19 13:26:38 gpg-agent[61090] failed to read the secret key
2022-01-19 13:26:38 gpg-agent[61090] command 'PKSIGN' failed: No pinentry
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> ERR 67108949 No pinentry
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- [eof]
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 -> RESTART
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_9 <- OK
```

Add/attach the relevant section of the log to this issue (feel free to redact your key IDs).

pinentry-touchid:

```
❯ cat $TMPDIR/pinentry-touchid.log
cat: /var/folders/91/jnf_k3s16lv1fg4q386yppb00000gn/T//pinentry-touchid.log: No such file or directory
```

SunsetYe66 commented 2 years ago

This problem is fixed in https://github.com/jorgelbg/pinentry-touchid/pull/18, tested and passed on my own build v0.0.3-rc1-b1.
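
Added example, not part of the original issue thread or the pinentry-touchid project: a small triage script for the failure pattern in the gpg-agent log above. It pairs each `can't connect to the PIN entry module` line with the agent command that subsequently failed, so the configured pinentry path and the connect error are reported together; `pinentry_failures` and `SAMPLE_LOG` are names assumed here, and the sample lines are constructed from the log format shown in the issue.

```python
import re

# Constructed sample, modeled on the gpg-agent.log excerpt in the issue above.
SAMPLE_LOG = """\
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 <- PKSIGN
2022-01-19 13:26:38 gpg-agent[61090] starting a new PIN Entry
2022-01-19 13:26:38 gpg-agent[61090] can't connect to the PIN entry module '/opt/homebrew/bin/pinentry-touchid': End of file
2022-01-19 13:26:38 gpg-agent[61090] command 'PKSIGN' failed: No pinentry
2022-01-19 13:26:38 gpg-agent[61090] DBG: chan_8 -> ERR 67108949 No pinentry
"""

# "<date> <time> gpg-agent[<pid>] <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) gpg-agent\[(\d+)\] (.*)$")
CONNECT_FAIL = re.compile(r"^can't connect to the PIN entry module '(.+)': (.+)$")
CMD_FAIL = re.compile(r"^command '(\w+)' failed: (.+)$")


def pinentry_failures(log_text):
    """Return one dict per agent command that failed after a pinentry connect error."""
    failures = []
    pending = {}  # pid -> (module path, connect error) awaiting the command result
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip prompts, blank lines, and anything not in agent log format
        ts, pid, msg = m.groups()
        connect = CONNECT_FAIL.match(msg)
        if connect:
            pending[pid] = connect.groups()
            continue
        failed = CMD_FAIL.match(msg)
        if failed and pid in pending:
            module, reason = pending.pop(pid)
            failures.append({
                "time": ts,
                "pid": int(pid),
                "command": failed.group(1),
                "module": module,
                "connect_error": reason,
                "agent_error": failed.group(2),
            })
    return failures


if __name__ == "__main__":
    for item in pinentry_failures(SAMPLE_LOG):
        print(item)
```
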