search

romanz / trezor-agent

Hardware-based SSH/GPG/age agent
GNU Lesser General Public License v3.0
570 stars 150 forks source link

gpg: signing failed: End of file #455

Open Pandapip1 opened 1 year ago

Pandapip1 commented 1 year ago

On windows, when I try to use trezor-agent, I get the following error:

(trezor) PS C:\Users\gavin\source\bin\trezor> gpg --sign .\pyvenv.cfg
gpg: using "[REDACTED]" as default secret key for signing
gpg: signing failed: End of file
gpg: signing failed: End of file

When the command window opens, it lasts for about 5 seconds before throwing the following error (yes, I ran it about 10 times until I was able to get a screenshot after it errored before it closed.)

image

romanz commented 1 year ago

@SlugFiller could you please take a look?

SlugFiller commented 1 year ago

At a glance, it seems to be trying to run pinentry, and failing. It's not failing very gracefully, which is unfortunate (and will be fixed by an upcoming PR). But a fail is a fail regardless.

On Windows, pinentry is bundled with Gpg4Win. You can try to debug if and why yours is missing as so:

C:\Docs\Programs\trezor-agent>gpgconf --list-components
gpg:OpenPGP:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg.exe
gpgsm:S/MIME:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpgsm.exe
keyboxd:Public Keys:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\keyboxd.exe
gpg-agent:Private Keys:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\gpg-agent.exe
scdaemon:Smartcards:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\scdaemon.exe
dirmngr:Network:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\bin\dirmngr.exe
pinentry:Passphrase Entry:D%3a\Program Files (x86)\Gpg4win\..\GnuPG\..\Gpg4win\bin\pinentry.exe
C:\Docs\Programs\trezor-agent>"D:\Program Files (x86)\Gpg4win\..\GnuPG\..\Gpg4win\bin\pinentry.exe"
Please note that you don't have secure memory on this system
OK Pleased to meet you
SETDESC test
OK
MESSAGE
OK
^Z

If there is no pinentry entry, or gpgconf does not run, there may be an issue with your Gpg4Win installation.

SlugFiller commented 1 year ago

Looking at it more carefully, there's indeed a bug. The cause is in libagent/gpg/__init__.py in run_agent. This

         p.add_argument('--daemon', default=False, action='store_true',
                        help='daemonize the agent')

    p.add_argument('--pin-entry-binary', type=str, default='pinentry',
                    help='path to PIN entry UI helper')
    p.add_argument('--passphrase-entry-binary', type=str, default='pinentry',
                    help='path to passphrase entry UI helper')
    p.add_argument('--cache-expiry-seconds', type=float, default=float('inf'),
                    help='expire passphrase from cache after this duration')

     args, _ = p.parse_known_args()

Needs to be changed to this:

         p.add_argument('--daemon', default=False, action='store_true',
                        help='daemonize the agent')

    p.add_argument('--pin-entry-binary', type=str, default=argparse.SUPPRESS,
                    help='path to PIN entry UI helper')
    p.add_argument('--passphrase-entry-binary', type=str, default=argparse.SUPPRESS,
                    help='path to passphrase entry UI helper')
    p.add_argument('--cache-expiry-seconds', type=float, default=argparse.SUPPRESS,
                    help='expire passphrase from cache after this duration')

     args, _ = p.parse_known_args()

I'll add this fix to my GPG PR, since I'm in the process of rebasing and retesting it anyway.

Pandapip1 commented 1 year ago

Can confirm; that code is what causes the error. For now, I've manually edited that relevant file.