[Bug 1775923] Re: gpg can't access secret keys when logged in via ssh instead of desktop
John S. Gruber
JohnSGruber at gmail.com
Fri Sep 21 14:43:15 UTC 2018
I have this problem testing Cosmic as well. In fact it is a problem both
when using a virtual tty (Alt-Ctrl-F2 for example), and when using ssh.

The problem appears to me to be that pinentry, the program to collect
the passphrase for one's private key, is not working as it was.

Assuming I am not signed on elsewhere, first entering the following
works for me:

    GPG_TTY=$(tty)
    export GPG_TTY

Ideally this would go in your shell startup script, e.g. .bashrc. It's
from "man gpg-agent".

But it gets stranger and then the above is not enough.

If I am signed on to a graphic session, when I try to use my private key
through either an ssh session or a virtual terminal, the prompt for
unlocking the private key goes to the graphic session rather than to
where I'm typing. That happens even if the graphic session is locked and
invisible.

In this case the gpg "--pinentry-mode loopback" option works to have a
passphrase prompt go to where I'm typing (though the prompt is very
basic compared to the text pop-up).

Should user set-up add the above GPG_TTY commands to everyone's .bashrc
for the first case?

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1775923

Title:
  gpg can't access secret keys when logged in via ssh instead of desktop

Status in gnupg2 package in Ubuntu:
  Confirmed

Bug description:
  I recently performed a fresh install of 18.04 (Bionic) after
  preserving my .gnupg directory from my previous 16.04 LTS (Xenial)
  installation, but now, I can't perform gpg operations that require my
  secret key unless I'm sitting at the desktop and not logged in via
  ssh.

  If I'm sitting at the gnome desktop environment, I can run gpg
  commands to decrypt encrypted messages and the popup appears to ask my
  passphrase, but if I'm connected via ssh, I get errors from gpg-agent
  and gpg fails to find my secret key without ever asking for my
  passphrase:

  $ ps auxww | grep gpg-agent
  jesse 16703 0.0 0.0 21536 1040 pts/4 S+ 12:19 0:00 grep gpg-agent

  $ gpg --list-keys
  gpg: checking the trustdb
  gpg: marginals needed: 3 completes needed: 1 trust model: pgp
  gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
  gpg: next trustdb check due at 2019-02-22
  /home/jesse/.gnupg/pubring.kbx
  ------------------------------
  pub   rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
        ...
  uid           [ultimate] Jesse Michael <... at ...>
  uid           [ultimate] Jesse Michael <... at ...>
  sub   rsa2048 2018-02-22 [E] [expires: 2019-02-22]

  pub   rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
        ...
  uid           [ultimate] Jesse Michael <... at ...>
  sub   rsa2048 2018-02-22 [E] [expires: 2019-02-22]

  pub   rsa4096 2017-07-10 [SC] [expires: 2018-07-10]
        ...
  uid           [ unknown] ... <... at ...>
  sub   rsa4096 2017-07-10 [E] [expires: 2018-07-10]

  $ gpg --export-secret-keys
  gpg: key ...: error receiving key from agent: Operation cancelled - skipped
  gpg: key ...: error receiving key from agent: Operation cancelled - skipped
  gpg: key ...: error receiving key from agent: Operation cancelled - skipped
  gpg: key ...: error receiving key from agent: Operation cancelled - skipped
  gpg: WARNING: nothing exported

  $ gpg --decrypt somefilename.gpg
  gpg: encrypted with 4096-bit RSA key, ID ..., created 2017-07-10
        "... <... at ...>"
  gpg: encrypted with 2048-bit RSA key, ID ..., created 2018-02-22
        "Jesse Michael <... at ...>"
  gpg: public key decryption failed: Operation cancelled
  gpg: decryption failed: No secret key

  $ ps auxww | grep gpg-agent
  jesse 16716 0.0 0.0 100420 3484 ? SLs 12:19 0:00 /usr/bin/gpg-agent --supervised
  jesse 16763 0.0 0.0 21536 1092 pts/4 S+ 12:20 0:00 grep gpg-agent

  $ lsb_release -rd
  Description: Ubuntu 18.04 LTS
  Release: 18.04

  $ apt-cache policy gpg gnupg2 gpg-agent
  gpg:
    Installed: 2.2.4-1ubuntu1
    Candidate: 2.2.4-1ubuntu1
    Version table:
   *** 2.2.4-1ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
          100 /var/lib/dpkg/status
  gnupg2:
    Installed: 2.2.4-1ubuntu1
    Candidate: 2.2.4-1ubuntu1
    Version table:
   *** 2.2.4-1ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
          100 /var/lib/dpkg/status
  gpg-agent:
    Installed: 2.2.4-1ubuntu1
    Candidate: 2.2.4-1ubuntu1
    Version table:
   *** 2.2.4-1ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
          100 /var/lib/dpkg/status
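
The two workarounds from the comment at the top of this message (GPG_TTY and "--pinentry-mode loopback"), combined for a shell startup file. This is an added example, not part of the original message or of GnuPG: the function names gpg_tty_setup, gpg_prompt_mode and gpg_here are made up here, and using "SSH session, or neither DISPLAY nor WAYLAND_DISPLAY set" as the cue for loopback is an assumption.

```shell
# Added example for ~/.bashrc; the function names are hypothetical.

# Export GPG_TTY when stdin is a terminal (the setting from "man gpg-agent").
gpg_tty_setup() {
    if [ -t 0 ]; then
        GPG_TTY=$(tty)
        export GPG_TTY
        return 0
    fi
    return 1  # no terminal on stdin, e.g. "ssh host command" or cron
}

# Print the --pinentry-mode value to use from this shell.
# Assumption: an SSH session, or a shell with neither DISPLAY nor
# WAYLAND_DISPLAY (a virtual console), cannot see a prompt that is
# drawn in the graphic session, so the passphrase is asked for in place.
gpg_prompt_mode() {
    if [ -n "${SSH_CONNECTION:-}${SSH_TTY:-}" ]; then
        echo loopback
    elif [ -z "${DISPLAY:-}${WAYLAND_DISPLAY:-}" ]; then
        echo loopback
    else
        echo default
    fi
}

# Run gpg with the passphrase prompt kept where the user is typing.
gpg_here() {
    gpg_tty_setup || echo "gpg_here: stdin is not a terminal" >&2
    command gpg --pinentry-mode "$(gpg_prompt_mode)" "$@"
}

# Set GPG_TTY once at shell start-up; harmless when there is no terminal.
gpg_tty_setup || true
```

From an ssh session or a virtual terminal, "gpg_here --decrypt somefilename.gpg" then asks for the passphrase in that terminal even while a graphic session is signed on.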