jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0

Error: Duplicated entry in the keychain when gpg has comment #30

Open brandonryan opened 2 years ago

brandonryan commented 2 years ago

Describe the bug

I've been trying to use this gpg-agent for a while now. Finally got it working on the M1 chip Mac. However, now I'm running into a new issue related to gpg comments and regex.

Seems like pinentry-mac stores the key in the keychain without the comment, so when pinentry-touchid is looking for it, it isn't found -> tries to create -> duplicate key error.

System information

macOS

GPG
gpg (GnuPG) 2.3.7
libgcrypt 1.10.1
Homebrew: yes

Configuration
gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg
gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpgsm
keyboxd:Public Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/keyboxd
gpg-agent:Private Keys:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/gpg-agent
scdaemon:Smartcards:/opt/homebrew/Cellar/gnupg/2.3.7_1/libexec/scdaemon
dirmngr:Network:/opt/homebrew/Cellar/gnupg/2.3.7_1/bin/dirmngr
pinentry:Passphrase Entry:/opt/homebrew/opt/pinentry/bin/pinentry

Logs (I added some logs)

2022/08/30 09:18:23 main.go:119: Ready!
2022/08/30 09:18:23 main.go:260: description: pinentry.Settings{Desc:"Please enter the passphrase to unlock the OpenPGP secret key:\n\"Brandon Ryan (brandonryan.dev) bjryan19@protonmail.com\"\n4096-bit RSA key, ID C39ECBC9739CCB93,\ncreated 2021-11-24.\n", Prompt:"Passphrase:", Error:"", OkBtn:"", NotOkBtn:"", CancelBtn:"", Title:"", Timeout:0, RepeatPrompt:"", RepeatError:"", QualityBar:"", PasswordQuality:(func(string) int)(nil), KeyInfo:"n/D25BB7218F89E807AAF8A055340843E8FDAC1A0B", Opts:pinentry.Options{Grab:false, AllowExtPasswdCache:true, Display:"", TTYType:"xterm-256color", TTYName:"/dev/ttys000", TTYAlert:"", LCCtype:"en_US.UTF-8", LCMessages:"en_US.UTF-8", Owner:"23826/501 Brandons-MacBook-Pro.local", TouchFile:"/Users/brandonryan/.gnupg/S.gpg-agent", ParentWID:"", InvisibleChar:""}}
2022/08/30 09:18:23 main.go:285: matches: []string{"ID C39ECBC9739CCB93,", "C39ECBC9739CCB93"}
2022/08/30 09:18:23 main.go:291: KeyID: "C39ECBC9739CCB93"
2022/08/30 09:18:23 main.go:298: keychain label: "Brandon Ryan (brandonryan.dev) bjryan19@protonmail.com (C39ECBC9739CCB93)"
2022/08/30 09:18:23 main.go:305: key exists: false
2022/08/30 09:18:23 main.go:348: Duplicated entry in the keychain

gpg-agent:

pinentry-program /opt/homebrew/bin/pinentry-mac
pinentry-program /opt/homebrew/opt/pinentry-touchid/bin/pinentry-touchid
pinentry-program /Users/brandonryan/Development/pinentry-touchid/pinentry-touchid
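As an added illustration of the lookup the report describes (this is example code, not pinentry-touchid's own): it derives the keychain label the way the log above shows and, before creating a new item, checks whether an item with the same key ID already exists under a differently spelled user ID. The regex and label format are inferred from the log output; the sample description and the comment-less keychain entry are constructed, the latter following the reporter's guess about what pinentry-mac stored.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// keyIDRe mirrors the pattern implied by the log line matches: {"ID C39ECBC9739CCB93,", "C39ECBC9739CCB93"}.
var keyIDRe = regexp.MustCompile(`ID ([0-9A-F]{16}),`)
// Constructed inputs modelled on the report: the logged description, and a keychain
// item the fallback pinentry saved without the comment, as the reporter suspects.
const sampleDesc = "Please enter the passphrase to unlock the OpenPGP secret key:\n" +
	"\"Brandon Ryan (brandonryan.dev) bjryan19@protonmail.com\"\n" +
	"4096-bit RSA key, ID C39ECBC9739CCB93,\ncreated 2021-11-24.\n"
var sampleStore = map[string]string{"Brandon Ryan bjryan19@protonmail.com (C39ECBC9739CCB93)": "pw"}
// parseDesc extracts the quoted user-ID line and the key ID from a pinentry description.
func parseDesc(desc string) (uid, keyID string, err error) {
	m := keyIDRe.FindStringSubmatch(desc)
	if m == nil {
		return "", "", fmt.Errorf("no key ID in description")
	}
	for _, line := range strings.Split(desc, "\n") {
		if len(line) > 1 && line[0] == '"' && line[len(line)-1] == '"' {
			return strings.Trim(line, "\""), m[1], nil
		}
	}
	return "", "", fmt.Errorf("no quoted user ID in description")
}

// findEntry tries the exact label the log shows ("<uid> (<keyID>)"), then any stored label
// ending in the same key ID; a second-pass hit is an item another pinentry saved under a
// differently spelled user ID, to be reused rather than re-created as a duplicate.
func findEntry(store map[string]string, uid, keyID string) (string, bool) {
	want := uid + " (" + keyID + ")"
	if _, ok := store[want]; ok {
		return want, true
	}
	for stored := range store {
		if strings.HasSuffix(stored, " ("+keyID+")") {
			return stored, true
		}
	}
	return want, false
}

func main() {
	uid, keyID, _ := parseDesc(sampleDesc)
	fmt.Println(findEntry(sampleStore, uid, keyID)) // the comment-less stored label, true
}
```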

habibalamin commented 2 weeks ago

I had the same issue, and this comment helped me: https://github.com/jorgelbg/pinentry-touchid/issues/11#issuecomment-1514303791.

Basically, I removed the Keychain Access entry, then used GPG to decrypt a test file encrypted with the public key from the keypair with the comment, and when GPG brought up pinentry-touchid's fallback (pinentry-mac), I unchecked the “Save to Keychain” option so that pinentry-mac wouldn't save the key to the Keychain without the comment, which I'm guessing allows pinentry-touchid to save it instead, which it does with the comment.