konstantintutsch / Lock

Process data with GnuPG 🔒
https://konstantintutsch.com/Lock
MIT License

Pinentry fails without proper GnuPG configuration #23

Open proninyaroslav opened 2 days ago

proninyaroslav commented 2 days ago

Describe the bug …

I use Fedora 41 with GNOME. I tried to decrypt a file or text, but it tells me that decryption failed; it doesn't ask for the smart card PIN code (I use Nitrokey). I decided to look at the log output and ran the app in the terminal:

$ flatpak run -v com.konstantintutsch.Lock

and only in this mode did it ask me for the PIN code of my smart card. But it was not a GNOME GUI window, but a CLI interface in the terminal where I ran the app. It was strange. Without a terminal I don't get any PIN code entry dialog, and only if I run it in a terminal do I get a CLI entry form.

Which version of Lock are you using?

1.0.3

Source

Flathub

Relevant log output

F: No installations directory in /etc/flatpak/installations.d. Skipping
F: Opening system flatpak installation at path /var/lib/flatpak
F: Opening user flatpak installation at path /home/yaroslav/.local/share/flatpak
F: Opening user flatpak installation at path /home/yaroslav/.local/share/flatpak
F: Opening system flatpak installation at path /var/lib/flatpak
F: Opening user flatpak installation at path /home/yaroslav/.local/share/flatpak
F: Opening system flatpak installation at path /var/lib/flatpak
F: /var/lib/flatpak/runtime/org.gnome.Platform/x86_64/47/55bffbcd42cab4dd3aee2f8ffb73f9fa194ab862003054b0b3db1194a9f0f046/files/lib32 does not exist
F: Cleaning up unused container id 1440778088
F: Cleaning up per-app-ID state for com.konstantintutsch.Lock
F: Cleaning up unused container id 3816558215
F: Cleaning up per-app-ID state for com.konstantintutsch.Lock
F: Allocated instance id 1346439496
F: Add defaults in dir /com/konstantintutsch/Lock/
F: Add locks in dir /com/konstantintutsch/Lock/
F: Disallowing network access
F: Allowing dri access
F: Allowing wayland access
F: Running '/usr/bin/bwrap --args 40 -- /usr/bin/xdg-dbus-proxy --args=42'
F: Running '/usr/bin/bwrap --args 40 -- com.konstantintutsch.Lock'
** Message: 22:06:51.366: GnuPG Made Easy 1.23.2

konstantintutsch commented 1 day ago

Have you tried adding these two files containing this specific configuration?

~/.gnupg/gpg.conf

use-agent

~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-gnome3

Then reboot and try again.
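
A small check for the two settings suggested in the comment above, as an added example that is not part of the original thread or of Lock's code. `conf_value` and `check_pinentry_conf` are hypothetical helper names, and the functions only read the files.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the use-agent and
# pinentry-program settings. Helper names are hypothetical.

# Print the value of the last non-comment occurrence of OPTION in FILE.
# Returns 1 if the file is unreadable or the option is absent.
conf_value() {  # usage: conf_value FILE OPTION
    [ -r "$1" ] || return 1
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        $1 == opt  { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1 }
        END        { if (!found) exit 1; print val }
    ' "$1"
}

# Return 0 if both settings are usable, 1 if one is missing,
# 2 if pinentry-program points at something that is not executable.
check_pinentry_conf() {  # usage: check_pinentry_conf [GNUPG_HOME]
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    status=0
    if conf_value "$home/gpg.conf" use-agent >/dev/null; then
        echo "ok: use-agent set in $home/gpg.conf"
    else
        echo "missing: use-agent in $home/gpg.conf"; status=1
    fi
    if prog=$(conf_value "$home/gpg-agent.conf" pinentry-program); then
        if [ -x "$prog" ]; then
            echo "ok: pinentry-program $prog"
        else
            echo "broken: pinentry-program $prog is not executable"; status=2
        fi
    else
        echo "missing: pinentry-program in $home/gpg-agent.conf"; status=1
    fi
    return $status
}
```

Run `check_pinentry_conf` with no argument to audit `$GNUPGHOME` or `~/.gnupg`. gpg-agent reads `gpg-agent.conf` when it starts, so `gpgconf --kill gpg-agent` makes the next GnuPG operation start a fresh agent with the new setting.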

proninyaroslav commented 1 day ago

The dialog is displayed, but it says that the card is not found and asks to insert it. Decryption with the gpg -d command works. Another oddity: if I decrypted a file with gpg -d and then tried to decrypt it with Lock, it writes Bad password in the log (including gpg) and the PIN input dialog isn't displayed. Only removing and inserting the card from USB helps.

$ gpg -d -o out.txt in.txt
gpg: encrypted with rsa4096 key, ID ***, created ***
      "Yaroslav Pronin <***>"

$ flatpak run -v com.konstantintutsch.Lock
...
** (com.konstantintutsch.Lock:2): WARNING **: 17:25:34.689: Failed to decrypt GPGME data from file: Bad password

$ gpg -d -o out.txt in.txt
gpg: encrypted with rsa4096 key, ID ***, created ***
      "Yaroslav Pronin <***>"
gpg: public key decryption failed: Bad password
gpg: decryption failed: Bad password

konstantintutsch commented 1 day ago

The bad password error is a problem with either GnuPG or GPGME. You might want to report it there.

konstantintutsch commented 1 day ago

For the other one, I'm not sure whether I can fix that. I have not found any information in the GPGME configuration on selecting which Pinentry to use.

I'll continue to work on this because it seems like this issue is rather common (#17), but manually adding those two configuration files seems to be the only option currently available.

proninyaroslav commented 1 day ago

Adding a pair of lines to configuration files is not so problematic, but the fact is that it still doesn't work as expected. The card isn't visible for it, it asks to insert the card, although the PIN dialog works fine with other apps (for example git or Kleopatra).

konstantintutsch commented 1 day ago

Could you then please open a separate issue for this problem?