Re: [gentoo-user] gnupg fails to decrypt on kmail
On Thu, Feb 25, 2010 at 07:01:12AM +, Mick wrote: 2010-02-25 06:48:32 gpg-agent[6741] starting a new PIN Entry gpg-agent[6741]: can't connect server: `ERR 67109133 can't exec `/usr/bin/pinentry-qt': No such file or directory' 2010-02-25 06:48:32 gpg-agent[6741] can't connect to the PIN entry module: IPC connect call failed snip Why is it trying to call /usr/bin/pinentry-qt?! `ERR 67109133 can't exec `/usr/bin/pinentry-qt' Is this a valid binary these days, or an older qt3 version? I think it should be /usr/bin/pinentry: $ ls -la /usr/bin/pinentry lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry - pinentry-qt4 Looks like you found your problem. I am not absolutely sure why pinentry-qt is the default now. The man page says that running 'gpg-agent --version' will tell you what the default pinentry program it calls is, and that depends on installation. So maybe file a bug? I don't know whether this is a configuration/USE issue or something hardcoded in the distribution. In any case, two work-arounds are available: *) create a symlink of pinentry-qt to your actual pinentry binary. *) start gpg-agent with the '--pinentry-program' option. Cheers, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Thursday 25 February 2010 11:18:54 Willie Wong wrote: On Thu, Feb 25, 2010 at 07:01:12AM +, Mick wrote: Why is it trying to call /usr/bin/pinentry-qt?! `ERR 67109133 can't exec `/usr/bin/pinentry-qt' Is this a valid binary these days, or an older qt3 version? I think it should be /usr/bin/pinentry: $ ls -la /usr/bin/pinentry lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry - pinentry-qt4 Looks like you found your problem. I am not absolutely sure why pinentry-qt is the default now. The man page says that running 'gpg-agent --version' will tell you what the default pinentry program it calls is, and that depends on installation. Hmm ... I saw that but I can't see the pinentry in there: $ gpg-agent --version gpg-agent (GnuPG) 2.0.14 libgcrypt 1.4.5 Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. So maybe file a bug? I don't know whether this is a configuration/USE issue or something hardcoded in the distribution. I will file a bug, but I am not entirely sure what I should file it under, so that it does not get rejected: gpg-agent which is calling pinentry-qt? app-crypt/pinentry, because it's done away with my previous pinentry-qt symlink to the pinentry binary? qt3 to qt4 move (in case this is linked to qt3 becoming deprecated)? Thank you so much for holding my hand on this! :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Thu, Feb 25, 2010 at 08:45:27PM +, Mick wrote: So maybe file a bug? I don't know whether this is a configuration/USE issue or something hardcoded in the distribution. I will file a bug, but I am not entirely sure what I should file it under, so that it does not get rejected: gpg-agent which is calling pinentry-qt? I'd file it against gpg-agent and hope that if it is something related to the qt3-qt4 transition, one of the bug-wranglers will cc the qt team. I'd probably also file it as either minor or enhancement, since technically the man page does warn you about it. Normally I would ask around the list first to see if anyone can reproduce your problem before filing a bug. But since I've practically the only one answering your mail on this issue Let's hope that it is either reproducible or that the bug wranglers can find out a trivial reason why it isn't. Cheers, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On 22 February 2010 06:49, Mick michaelkintz...@gmail.com wrote: On Sunday 21 February 2010 17:01:13 Willie Wong wrote: On Sun, Feb 21, 2010 at 03:32:00PM +, Mick wrote: On Sunday 21 February 2010 15:08:28 Willie Wong wrote: On Sun, Feb 21, 2010 at 02:50:09PM +, Mick wrote: Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? Just a random guess: maybe revdep-rebuild updated to a new version and configuration files changed? Did you look at the elogs of whatever you re-emerged yesterday? Yes and I ran dispatch-conf for a couple of changes. However, nothing that I recall was related to encryption: Sat Feb 20 08:05:50 2010 media-libs/jpeg-8 Sat Feb 20 08:20:29 2010 media-sound/phonon-4.3.80-r1 Sat Feb 20 08:36:37 2010 media-libs/tiff-3.9.2 Sat Feb 20 08:39:24 2010 media-libs/libquicktime-1.1.3 Sat Feb 20 08:42:15 2010 media-libs/gd-2.0.35-r1 Anything else I could look into? Then I am kind of out of ideas. You mentioned that you remerged gnupg: was there any warnings or logs at the end of the merge? (If you have it enabled, the logs maybe stored in /var/log/portage/elog/) You say that smime and openpgp fails, do you have the error message? It may help other people who know more about this to answer your question. Thanks again for your help. The problem seems to be with pinentry when gpg is invoked manually: gpg: problem with the agent: No pinentry and then as a consequence: gpg: public key decryption failed: General error gpg: decryption failed: No secret key However, I have remerged pinentry. :-( Initially, I thought this was related to updating media-libs/jpeg-8 and library libjpeg.so.7, but it seems that it may be related to qt3 becoming deprecated? Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in its USE flags and try with that? Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates. Perhaps I was cought up in some major update bonanza and that's why this broke. I'll finish the update and see how it goes. This is rather debilitating ... I have now update pinentry to 0.7.6 and I still have the same problem. :-( I may have to restore my system from a back up just to access my encrypted data, which is something I'd rather not have to do after a mammoth kde update. The elog of pinentry shows this, but I am not sure I understand what it means, or if it is related to my problem. == Messages generated by process 10763 on 2010-02-24 07:01:34 GMT for package a pp-crypt/pinentry-0.7.6: LOG: postinst We no longer install pinentry-curses and pinentry-qt SUID root by default. Linux kernels =2.6.9 support memory locking for unprivileged processes. The soft resource limit for memory locking specifies the limit an unprivileged process may lock into memory. You can also use POSIX capabilities to allow pinentry to lock memory. To do so activate the caps USE flag and add the CAP_IPC_LOCK capability to the permitted set of your users. == Since invoking gpg on the CLI does not ask for a passphrase and it returns: gpg: problem with the agent: No pinentry I assume that the problem is with pinentry. Is there some other application involved here that I should look into? -- Regards, Mick
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Wed, Feb 24, 2010 at 11:31:34AM +, Mick wrote: Since invoking gpg on the CLI does not ask for a passphrase and it returns: gpg: problem with the agent: No pinentry I assume that the problem is with pinentry. Is there some other application involved here that I should look into? pinentry is the standalone package to asks for the passphrase for gpg. Try up'ing the verbosity on gpg? E.g. run `gpg -vv' on your CLI and post full output (modulo anything sensitive, of course)? (Also, a stupid question: at any point did you rebuild gpg? Did you restart the gpg-agent afterwards?) Cheers, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Wed, Feb 24, 2010 at 11:31:34AM +, Mick wrote: Since invoking gpg on the CLI does not ask for a passphrase and it returns: gpg: problem with the agent: No pinentry I assume that the problem is with pinentry. Is there some other application involved here that I should look into? Hum, also, try getting some debug output from gpg-agent: (1) 'killall gpg-agent' (and run ps aux to see if they are really killed) (2) Restart gpg-agent via eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file ~/gpg-agent.log' (3) Run gpg. Look at the content of ~/gpg-agent.log to see if anything is amiss. HTH, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Wednesday 24 February 2010 15:03:06 Willie Wong wrote: Hum, also, try getting some debug output from gpg-agent: (1) 'killall gpg-agent' (and run ps aux to see if they are really killed) (2) Restart gpg-agent via eval 'gpg-agent --daemon --no-detach --debug-level guru --log-file ~/gpg-agent.log' (3) Run gpg. Look at the content of ~/gpg-agent.log to see if anything is amiss. Thank you very much for persevering with me! :-) I changed your eval argument a bit and this is what I noticed: eval $(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg- agent.log) gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan The log file shows: 2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg- IX4A40/S.gpg-agent' 2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started 2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown 2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped 2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks However, when I invoke gpg it looks for another socket ... different to the one that the agent is listening on. $ gpg -vv DATA/some_data.ods.gpg gpg: using character set `iso-8859-1' gpg: enabled debug flags: memstat :pubkey enc packet: version 3, algo 16, keyid ZZZ data: [2048 bits] data: [2045 bits] gpg: public key is gpg: using subkey instead of primary key You need a passphrase to unlock the secret key for user: me m...@gmail.com gpg: using subkey instead of primary key 2048-bit ELG key, ID , created 2010-01-25 (main key ID ) can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory gpg: can't connect to the agent - trying fall back can't connect to `/home/michael/.gnupg/S.gpg-agent': No such file or directory gpg: no running gpg-agent - starting one gpg-agent[7265]: enabled debug flags: assuan can't connect to `/home/michael/.gnupg/log-socket': Connection refused gpg: problem with the agent: No pinentry :encrypted data packet: length: 22577 mdc_method: 2 gpg: encrypted with 2048-bit ELG key, ID , created 2010-01-25 me m...@gmail.com gpg: public key decryption failed: General error gpg: decryption failed: No secret key Why is this? Invoking gpg to decrypt different (encrypted) files always brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'. Shouldn't it be a different socket each time? Another thing that shows something has gone south is that pinentry no longer asks for a passphrase as shown above. Also, when I encrypt a file it still does not ask for my passphrase - it just encrypts the file! -- Regards, Mick
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Wed, Feb 24, 2010 at 10:51:38PM +, Mick wrote: eval $(gpg-agent --daemon --no-detach --debug-level guru --log-file gpg- agent.log) gpg-agent[7276]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan The log file shows: 2010-02-24 20:32:01 gpg-agent[7276] listening on socket `/tmp/gpg- IX4A40/S.gpg-agent' 2010-02-24 20:32:01 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 started 2010-02-24 20:32:13 gpg-agent[7277] SIGINT received - immediate shutdown 2010-02-24 20:32:13 gpg-agent[7277] gpg-agent (GnuPG) 2.0.14 stopped 2010-02-24 20:32:13 gpg-agent[7277] random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 2010-02-24 20:32:13 gpg-agent[7277] secmem usage: 0/32768 bytes in 0 blocks However, when I invoke gpg it looks for another socket ... different to the one that the agent is listening on. $ gpg -vv DATA/some_data.ods.gpg gpg: using character set `iso-8859-1' gpg: enabled debug flags: memstat :pubkey enc packet: version 3, algo 16, keyid ZZZ data: [2048 bits] data: [2045 bits] gpg: public key is gpg: using subkey instead of primary key You need a passphrase to unlock the secret key for user: me m...@gmail.com gpg: using subkey instead of primary key 2048-bit ELG key, ID , created 2010-01-25 (main key ID ) can't connect to `/tmp/gpg-pNLb9Y/S.gpg-agent': No such file or directory gpg: can't connect to the agent - trying fall back snip Why is this? Invoking gpg to decrypt different (encrypted) files always brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'. Shouldn't it be a different socket each time? Ack, let's do this one step at a time then. First let's try to figure out the problem with the gpg-agent. This time, run the command from gpg-agent, not inside a eval statement. Just by itself on the commandline. It should spit out the environmental variable GPG_AGENT_INFO. Copy the content of that variable (so copy the whole thing GPG_AGENT_INFO=... ) In a new prompt, first paste the variable, then type gpg -vv *file* So it should be GPG_AGENT_INFO=.. gpg -vv DATA/filename.ogg Quick explanation: gpg finds out where the agent is by looking at the environmental variable GPG_AGENT_INFO. We want to try to make sure it is in fact looking at that variable. Take a look at the man pages for gpg-agent and gpg for more information. Now look at the output again to see if it is still connecting to the wrong socket. W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Thursday 25 February 2010 00:09:17 Willie Wong wrote: On Wed, Feb 24, 2010 at 10:51:38PM +, Mick wrote: Why is this? Invoking gpg to decrypt different (encrypted) files always brings up that socket '/tmp/gpg-pNLb9Y/S.gpg-agent'. Shouldn't it be a different socket each time? I noticed that this morning (after a reboot) it was looking for a different socket ... Ack, let's do this one step at a time then. First let's try to figure out the problem with the gpg-agent. [snip...] In a new prompt, first paste the variable, then type gpg -vv *file* $ gpg-agent --daemon --no-detach --debug-level guru --log-file gpg-agent.log gpg-agent[6740]: enabled debug flags: command mpi crypto memory cache memstat hashing assuan GPG_AGENT_INFO=/tmp/gpg-5Tgf3a/S.gpg-agent:6741:1; export GPG_AGENT_INFO; This is now what the log shows: 2010-02-25 06:45:53 gpg-agent[6740] listening on socket `/tmp/gpg-5Tgf3a/S.gpg-agent' 2010-02-25 06:45:53 gpg-agent[6741] gpg-agent (GnuPG) 2.0.14 started 2010-02-25 06:48:32 gpg-agent[6741] handler 0x98caa38 for fd 7 started gpg-agent[6741.7] DBG: - OK Pleased to meet you gpg-agent[6741.7] DBG: - RESET gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION ttyname=/dev/pts/3 gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION ttytype=rxvt gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION display=:0.0 gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION lc-ctype=C gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION lc-messages=C gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - OPTION allow-pinentry-notify gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - GETINFO cmd_has_option GET_PASSPHRASE repeat gpg-agent[6741.7] DBG: - OK gpg-agent[6741.7] DBG: - GET_PASSPHRASE --data --repeat=0 -- A7029FW0V2G567G225FST52689GV822Rf230gkw8F X X Please+enter+the+passphrase+to+unlock+the+secret+key+ for+the+OpenPGP+certificate:%0A%22me+m...@gmail.com%22%0A2048-bit+ELG+key, +ID+,%0Acreated+2010-01-25+(main+key+ID+YYY).%0A 2010-02-25 06:48:32 gpg-agent[6741] DBG: agent_get_cache `A7029FW0V2G567G225FST52689GV822Rf230gkw8F'... 2010-02-25 06:48:32 gpg-agent[6741] DBG: ... miss 2010-02-25 06:48:32 gpg-agent[6741] starting a new PIN Entry gpg-agent[6741]: can't connect server: `ERR 67109133 can't exec `/usr/bin/pinentry-qt': No such file or directory' 2010-02-25 06:48:32 gpg-agent[6741] can't connect to the PIN entry module: IPC connect call failed 2010-02-25 06:48:32 gpg-agent[6741] command get_passphrase failed: No pinentry gpg-agent[6741.7] DBG: - ERR 67108949 No pinentry GPG Agent gpg-agent[6741.7] DBG: - [EOF] 2010-02-25 06:48:32 gpg-agent[6741] handler 0x98caa38 for fd 7 terminated Why is it trying to call /usr/bin/pinentry-qt?! `ERR 67109133 can't exec `/usr/bin/pinentry-qt' Is this a valid binary these days, or an older qt3 version? I think it should be /usr/bin/pinentry: $ ls -la /usr/bin/pinentry lrwxrwxrwx 1 root root 12 Feb 24 07:01 /usr/bin/pinentry - pinentry-qt4 Please note that the: Please+enter+the+passphrase+to+unlock+the+secret+key does not show up on the screen even when I use the gpg -vv option. -- Regards, Mick
[gentoo-user] gnupg fails to decrypt on kmail
Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? -- Regards, Mick
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Sun, Feb 21, 2010 at 02:50:09PM +, Mick wrote: Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? Just a random guess: maybe revdep-rebuild updated to a new version and configuration files changed? Did you look at the elogs of whatever you re-emerged yesterday? Cheers, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Sunday 21 February 2010 15:08:28 Willie Wong wrote: On Sun, Feb 21, 2010 at 02:50:09PM +, Mick wrote: Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? Just a random guess: maybe revdep-rebuild updated to a new version and configuration files changed? Did you look at the elogs of whatever you re-emerged yesterday? Yes and I ran dispatch-conf for a couple of changes. However, nothing that I recall was related to encryption: Sat Feb 20 08:05:50 2010 media-libs/jpeg-8 Sat Feb 20 08:20:29 2010 media-sound/phonon-4.3.80-r1 Sat Feb 20 08:36:37 2010 media-libs/tiff-3.9.2 Sat Feb 20 08:39:24 2010 media-libs/libquicktime-1.1.3 Sat Feb 20 08:42:15 2010 media-libs/gd-2.0.35-r1 Anything else I could look into? -- Regards, Mick
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Sun, Feb 21, 2010 at 03:32:00PM +, Mick wrote: On Sunday 21 February 2010 15:08:28 Willie Wong wrote: On Sun, Feb 21, 2010 at 02:50:09PM +, Mick wrote: Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? Just a random guess: maybe revdep-rebuild updated to a new version and configuration files changed? Did you look at the elogs of whatever you re-emerged yesterday? Yes and I ran dispatch-conf for a couple of changes. However, nothing that I recall was related to encryption: Sat Feb 20 08:05:50 2010 media-libs/jpeg-8 Sat Feb 20 08:20:29 2010 media-sound/phonon-4.3.80-r1 Sat Feb 20 08:36:37 2010 media-libs/tiff-3.9.2 Sat Feb 20 08:39:24 2010 media-libs/libquicktime-1.1.3 Sat Feb 20 08:42:15 2010 media-libs/gd-2.0.35-r1 Anything else I could look into? Then I am kind of out of ideas. You mentioned that you remerged gnupg: was there any warnings or logs at the end of the merge? (If you have it enabled, the logs maybe stored in /var/log/portage/elog/) You say that smime and openpgp fails, do you have the error message? It may help other people who know more about this to answer your question. Cheers, W -- Willie W. Wong ww...@math.princeton.edu Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire et vice versa ~~~ I. Newton
Re: [gentoo-user] gnupg fails to decrypt on kmail
On Sunday 21 February 2010 17:01:13 Willie Wong wrote: On Sun, Feb 21, 2010 at 03:32:00PM +, Mick wrote: On Sunday 21 February 2010 15:08:28 Willie Wong wrote: On Sun, Feb 21, 2010 at 02:50:09PM +, Mick wrote: Yesterday I updated my system and after a series of: revdep-rebuild --library libjpeg.so.7 and revdep-rebuild -v -i I thought all was good to go. Unfortunately, I now noticed that I cannot open encrypted messages anymore and signing mail fails. This points towards gnupg which I remerged along with all packages I thought might me relevant. I haven't yet remerged openssl (will try that in a minute) but I am not sure that will help. It's not just smime but also openpgp that fails. Has anyone else noticed this and have you found any fixes for it? Just a random guess: maybe revdep-rebuild updated to a new version and configuration files changed? Did you look at the elogs of whatever you re-emerged yesterday? Yes and I ran dispatch-conf for a couple of changes. However, nothing that I recall was related to encryption: Sat Feb 20 08:05:50 2010 media-libs/jpeg-8 Sat Feb 20 08:20:29 2010 media-sound/phonon-4.3.80-r1 Sat Feb 20 08:36:37 2010 media-libs/tiff-3.9.2 Sat Feb 20 08:39:24 2010 media-libs/libquicktime-1.1.3 Sat Feb 20 08:42:15 2010 media-libs/gd-2.0.35-r1 Anything else I could look into? Then I am kind of out of ideas. You mentioned that you remerged gnupg: was there any warnings or logs at the end of the merge? (If you have it enabled, the logs maybe stored in /var/log/portage/elog/) You say that smime and openpgp fails, do you have the error message? It may help other people who know more about this to answer your question. Thanks again for your help. The problem seems to be with pinentry when gpg is invoked manually: gpg: problem with the agent: No pinentry and then as a consequence: gpg: public key decryption failed: General error gpg: decryption failed: No secret key However, I have remerged pinentry. :-( Initially, I thought this was related to updating media-libs/jpeg-8 and library libjpeg.so.7, but it seems that it may be related to qt3 becoming deprecated? Perhaps I should unmask app-crypt/pinentry-0.7.6 which has qt4 in its USE flags and try with that? Meanwhile I just resync'ed and there's a load of kde-4.3.5 updates. Perhaps I was cought up in some major update bonanza and that's why this broke. I'll finish the update and see how it goes. -- Regards, Mick