On Sun, Nov 7, 2021 at 10:50 AM Lee Ball <[email protected]> wrote: > > Sorry to spam you here Amit- I forgot to put the list on the To: line in > case the info is helpful to anyone else:
All good, thanks for sharing the tips. This is what I have now. My Gpg agent is running via a systemd user service: [Unit] Description=GnuPG cryptographic agent and passphrase cache Documentation=man:gpg-agent(1) Requires=gpg-agent.socket [Service] ExecStart=/usr/bin/gpg-agent --supervised --debug-all ExecReload=/usr/bin/gpgconf --reload gpg-agent My config files: $ cat ~/.gnupg/gpg.conf # pinentry-mode loopback (I had to comment that out since otherwise "pass" gives this error: gpg: Sorry, we are in batchmode - can't get input) My gpg-agent.conf is now: $ cat ~/.gnupg/gpg-agent.conf debug 1024 debug-level advanced debug-pinentry pinentry-program /usr/bin/pinentry-curses log-file gpg-agent.log display :0 When I do a "pass show <password>", it asks me for the passphrase, if i enter the wrong pass phrase, it does come back with an error saying bad passphrase. So it seems to me that the gpg decryption is happening, but then something is getting lost. If i look at the gpg-agent.log file (after i have once successfully entered my pass phrase), i see this when i do a "pass show <password>": 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK Pleased to meet you, process 2671 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION ttyname=/dev/pts/1 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION ttytype=xterm-256color 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION display=:0.0 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION xauthority=/home/echorand/.Xauthority 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION lc-ctype=en_AU.UTF-8 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION lc-messages=en_AU.UTF-8 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- GETINFO version 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> D 2.2.19 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION allow-pinentry-notify 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION agent-awareness=2.1.0 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEY <KEY ID> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Saha+<[email protected]>%22%0A256-bit+ECDH+key,+ID+2936DD677ED4C323,%0Acreated+2021-10-02+(main+key+ID+2A18534CA9B35D2B).%0A 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> S INQUIRE_MAXLEN 4096 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a 65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ] 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a 76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ] 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 <- [eof] Appreciate any further debugging tips. Thanks, Amit. > > --- > > > Oh, I forgot to mention in my previous email-- here's a list of the > > gpg-agent options: > > > > https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html > > > > And you can reload your gpg agent to pick up new configs with: > > > > $ gpg-connect-agent reloadagent /bye > > > > All the best, > > Cat Lee Ball > > > > > > On 11/6/21 4:41 PM, Lee Ball wrote: > >> Hi Amit, > >> > >> > >> To get a little more debug info, you might want to try adding debug > >> flags to gpg-agent. Usually, those live in ~/.gnupg/gpg-agent.conf > >> > >> You could try something like: > >> > >> > >> $ cat ~/.gnupg/gpg-agent.conf > >> debug 1024 > >> debug-level advanced > >> debug-pinentry > >> > >> > >> One wild guess is that maybe the pinentry prompt isn't spawning. You > >> can tell it to use a specific pinentry program in your gpg-agent.conf > >> too. > >> > >> > >> $ cat ~/.gnupg/gpg-agent.conf > >> pinentry-program /usr/bin/pinentry-curses > >> > >> > >> Make sure you have pinentry-curses installed first if you copy the > >> above line verbatim. :) > >> > >> > >> Wishing you luck! > >> Cat Lee Ball > > --- > > All the best, > Cat Lee Ball > > > On 11/6/21 4:37 PM, Amit Saha wrote: > > On Sun, Nov 7, 2021 at 10:13 AM Amit Saha <[email protected]> wrote: > >> > >> Hi all, a fairly new user of pass. I am using a git store for my > >> passwords. I started using MacOS and have been using it on a single > >> computer. > >> > >> Now, I have set pass up on a second system (Linux), and using the > >> 1.7.3 version on Ubuntu, when I do "pass show" one of the existing > >> passwords, the Gpg dialog pops up, I put in the password, then there > >> is no output. However, I can "pass insert" a new password on the same > >> system, and then "pass show" shows the secret. > >> > >> I can go back to the other computer, and I can see the secret I > >> created on the Linux system. > >> > >> I have used my existing gpg keys to encrypt and decrypt a file > >> successfully. > >> > >> > >> Not sure how to best debug. Any suggestions would be helpful. > > > > I tried using --clip: > > > > $ pass show --clip <pass word name> > > There is no password to put on the clipboard at line 1. > > > > So, I suppose the decryption process is not working? > > > > > >> > >> Thanks, > >> Amit.
