Andreas Petzold wrote:
Hi,
today I wanted to import a new x.509 cert into kleopatra and it didn't
show the pinentry dialog. pinentry-gtk2 was launched and was using 100%
CPU but it didn't do anything useful. Just for fun I removed
pinentry-gtk2, but then kleopatra immediately complained that it was
unable to decrypt the cert.
I checked kwatchgnupg and the logs showed a little hint to the problem.
gpg-agent[2117.7] DBG: <- GET_PASSPHRASE --data --repeat=0 -- X X
Passphrase: Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object.
gpg-agent[2117]: starting a new PIN Entry
gpg-agent[2117]: can't connect server: ec=4.16383
gpgsm[8945]: gpg-protect-tool: error while asking for the passphrase: No
pinentry
gpgsm[8945]: error running `/usr/libexec/gpg-protect-tool': exit status 2
gpgsm[8945]: total number processed: 0
gpg-agent[2117]: can't connect to the PIN entry module: End of file
gpg-agent[2117]: command get_passphrase failed: No pinentry
gpg-agent[2117.7] DBG: -> ERR 67108949 No pinentry <GPG Agent>
gpgsm[8945.0] DBG: -> S IMPORT_RES 0 0 0 0 0 0 0 0 0 0 0 0 0 0
gpgsm[8945.0] DBG: -> ERR 50331800 Decryption failed <GpgSM>
Looks to me like /usr/libexec/gpg-protect-tool is just choosing the wrong
pinentry executable. It should just call /usr/bin/pinentry which should
call the correct pinentry-qt4/gtk2/whatever.
With pinentry-gtk2 removed, I started pinentry and it called pinentry-qt4.
So there are two problems:
a) why does pinentry-gtk2 get stuck?
b) why isn't pinentry-qt4 called by gpg-protect-tool?
It's a gnupg2 bug,
https://bugzilla.redhat.com/show_bug.cgi?id=548528
-- Rex