t-8ch / pinentry-bemenu

Pinentry based on bemenu
GNU General Public License v3.0

doesn't work with gopass and smartcard/GPG #5

Closed shibumi closed 3 years ago

shibumi commented 3 years ago

Hi,

I use a YubiKey as smartcard with GPG. I tried using pinentry-bemenu with it, but sadly it doesn't work :(

When I execute pinentry-bemenu directly I get:

❯ pinentry-bemenu
OK pinentry-bemenu v0.6.0

However, when I execute gopass, for example, a pinentry dialog should start asking for my YubiKey PIN, but it doesn't.

Is it possible that smartcard unlocking etc. is not implemented yet? Would be cool to see this implemented; I would really like to get rid of those GTK dialogs.

t-8ch commented 3 years ago

Can you try to run latest main and pass --debug to pinentry-bemenu and then post the log here? (Make sure it does not contain any secrets, but it shouldn't)

t-8ch commented 3 years ago

@shibumi could you take a look at my last comment?

shibumi commented 3 years ago

@t-8ch yes, sorry, I didn't have time yet to have a look at it. Will have a look at it today :)

shibumi commented 3 years ago

Ok here we go:


May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: gpg-agent (GnuPG) 2.2.27 starting in supervised mode.
May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: using fd 3 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: using fd 5 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: using fd 6 for std socket (/run/user/1000/gnupg/S.gpg-agent)
May 13 14:52:46 motoko.shibumi.dev gpg-agent[24071]: listening on: std=6 extra=5 browser=3 ssh=4
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: ccid open error: skip
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: ccid open error: skip
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: detected reader 'Alcor Micro AU9540 00 00'
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 01 00'
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24071]: detected card with S/N DXXXXXXXXXXXXXXXXXXXXXXXXX
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: sending signal 12 to client 24071
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: [123B blob data]
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24071]: can't connect to the PIN entry module '/usr/bin/pinentry-bemenu --debug': IPC connect call failed
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: PIN callback returned error: IPC call has been cancelled
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24357]: scdaemon[24357]: app_decipher failed: IPC call has been cancelled
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24071]: smartcard decryption failed: No pinentry
May 13 14:52:48 motoko.shibumi.dev gpg-agent[24071]: command 'PKDECRYPT' failed: No pinentry

shibumi commented 3 years ago

When I try without the --debug flag in the gpg-agent.conf file I get this:

May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]: --display: unknown option
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]: Usage: pinentry-bemenu [-bn?] [--debug] [-b|--bottom] [-n|--no-overlap]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]:         [-m|--monitor=INT] [-H|--line-height=INT] [--fn=STRING]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]:         [--tb=#RRGGBB] [--tf=#RRGGBB] [--fb=#RRGGBB] [--ff=#RRGGBB]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]:         [--nb=#RRGGBB] [--nf=#RRGGBB] [--hb=#RRGGBB] [--hf=#RRGGBB]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]:         [--sb=#RRGGBB] [--sf=#RRGGBB] [--scb=#RRGGBB] [--scf=#RRGGBB]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[23461]:         [-?|--help] [--usage]
May 13 14:52:00 motoko.shibumi.dev gpg-agent[21714]: can't connect to the PIN entry module '/usr/bin/pinentry-bemenu': End of file
May 13 14:52:00 motoko.shibumi.dev gpg-agent[22058]: scdaemon[22058]: PIN callback returned error: IPC call has been cancelled
May 13 14:52:00 motoko.shibumi.dev gpg-agent[22058]: scdaemon[22058]: app_decipher failed: IPC call has been cancelled
May 13 14:52:00 motoko.shibumi.dev gpg-agent[21714]: smartcard decryption failed: No pinentry
May 13 14:52:00 motoko.shibumi.dev gpg-agent[21714]: command 'PKDECRYPT' failed: No pinentry

t-8ch commented 3 years ago

@shibumi, seems that --display was just not handled. Can you try latest main?

shibumi commented 3 years ago

@t-8ch

May 13 19:26:43 motoko.shibumi.dev systemd[3290]: Started GnuPG cryptographic agent and passphrase cache.
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: gpg-agent (GnuPG) 2.2.27 starting in supervised mode.
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: using fd 3 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: using fd 5 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: using fd 6 for std socket (/run/user/1000/gnupg/S.gpg-agent)
May 13 19:26:43 motoko.shibumi.dev gpg-agent[43299]: listening on: std=6 extra=5 browser=3 ssh=4
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: ccid open error: skip
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: ccid open error: skip
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: detected reader 'Alcor Micro AU9540 00 00'
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 01 00'
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43299]: detected card with S/N XXXXXXXXXXXXXXXXXXXXXx
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: sending signal 12 to client 43299
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: [123B blob data]
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43299]: can't connect to the PIN entry module '/usr/bin/pinentry-bemenu --debug': IPC connect call failed
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: PIN callback returned error: IPC call has been cancelled
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43605]: scdaemon[43605]: app_decipher failed: IPC call has been cancelled
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43299]: smartcard decryption failed: No pinentry
May 13 19:26:51 motoko.shibumi.dev gpg-agent[43299]: command 'PKDECRYPT' failed: No pinentry

shibumi commented 3 years ago

@t-8ch

Ah ok.. my fault. I had --debug in the gpg-agent.conf file. Seems like gnupg doesn't like this. Without --debug it works and I see that bemenu pops up.

A few questions:

  1. How can I modify the visual appearance of it?
  2. Is this Wayland native?

EDIT: Ok I wrote a wrapper and I call that wrapper instead. Changing the color + font works already. Choosing the right display does not work with Wayland.

But more important: Is there any "don't show input" flag? I do screen sharing very often, would be a shame if somebody sees my pinentry pw for my smartcard ^^

EDIT: is the text changeable? "smartcard holder..... card number..... etc..: MYINPUT"
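
What the logs and the wrapper workaround in this thread come down to, as an added example (not code from the thread or from pinentry-bemenu): gpg-agent used the whole pinentry-program value as the module path, so options belong in a wrapper that forwards the arguments gpg-agent appends. The function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example, not code from the pinentry-bemenu project.
# gpg-agent uses the whole "pinentry-program" value as one file name, so
# "/usr/bin/pinentry-bemenu --debug" fails exactly as in the logs above.

# Print the pinentry-program value of a gpg-agent.conf.
# If the option appears more than once, this example takes the last one.
pinentry_value() {
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" | tail -n 1
}

# Exit status: 0 = value is an executable file, 1 = value carries arguments
# after an executable path, 2 = option missing or target not executable.
check_pinentry_conf() {
    value=$(pinentry_value "$1")
    [ -n "$value" ] || return 2
    [ -f "$value" ] && [ -x "$value" ] && return 0
    first=${value%%[[:space:]]*}
    [ "$first" != "$value" ] && [ -x "$first" ] && return 1
    return 2
}

# Single-quote a string so it can be embedded safely in generated sh code.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Write a wrapper that fixes the options and forwards whatever gpg-agent adds
# (it passes --display itself, as the usage error above shows).
# $1 = wrapper path, $2 = real pinentry, remaining args = fixed options.
write_pinentry_wrapper() {
    wrapper=$1 target=$2
    shift 2
    {
        printf '#!/bin/sh\nexec %s' "$(quote "$target")"
        for opt in "$@"; do printf ' %s' "$(quote "$opt")"; done
        printf ' "$@"\n'
    } > "$wrapper"
    chmod 700 "$wrapper"   # owner-only: the agent runs as the same user
}
```

Point pinentry-program at the generated wrapper path alone, then restart gpg-agent so it re-reads gpg-agent.conf.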

t-8ch commented 3 years ago

Can you describe how you choose the display? Does it work with plain bemenu? The not-yet-released version of bemenu supports a password mode. If you build bemenu from git and recompile pinentry-bemenu it will automatically use it. The text is set by gpg-agent directly, it should be the same for all pinentry programs.

t-8ch commented 3 years ago

The windowing system used depends on the backend chosen by bemenu. There is a native wayland one.

shibumi commented 3 years ago

@t-8ch Thank you. I think all questions have been solved. I think if the newest bemenu version arrives I will very likely move this to the official Arch Linux repositories :)

t-8ch commented 3 years ago

> I think all questions have been solved.

Happy to hear that!

> I will very likely move this to the official Arch Linux repositories :)

Thanks!

t-8ch commented 3 years ago

FYI, I intend to cut a new release as soon as bemenu 0.6.0 is available in arch. So you may want to wait for that before moving pinentry-bemenu to the repos.

shibumi commented 3 years ago

@t-8ch I wanted to wait for the new bemenu version anyway :) but thanks