On Sun, Nov 7, 2021 at 11:30 AM Amit Saha <[email protected]> wrote: > > On Sun, Nov 7, 2021 at 10:50 AM Lee Ball <[email protected]> wrote: > > > > Sorry to spam you here Amit- I forgot to put the list on the To: line in > > case the info is helpful to anyone else: > > All good, thanks for sharing the tips. This is what I have now. > > My Gpg agent is running via a systemd user service: > > [Unit] > Description=GnuPG cryptographic agent and passphrase cache > Documentation=man:gpg-agent(1) > Requires=gpg-agent.socket > > [Service] > ExecStart=/usr/bin/gpg-agent --supervised --debug-all > ExecReload=/usr/bin/gpgconf --reload gpg-agent > > > > My config files: > > $ cat ~/.gnupg/gpg.conf > # pinentry-mode loopback > > (I had to comment that out since otherwise "pass" gives this error: > gpg: Sorry, we are in batchmode - can't get input) > > > My gpg-agent.conf is now: > > $ cat ~/.gnupg/gpg-agent.conf > debug 1024 > debug-level advanced > debug-pinentry > > pinentry-program /usr/bin/pinentry-curses > log-file gpg-agent.log > display :0 > > When I do a "pass show <password>", it asks me for the passphrase, if > i enter the wrong pass phrase, it does come back with an error saying > bad passphrase. > So it seems to me that the gpg decryption is happening, but then > something is getting lost. > > If i look at the gpg-agent.log file (after i have once successfully > entered my pass phrase), i see this when i do a "pass show > <password>": > > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK Pleased to meet > you, process 2671 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION ttyname=/dev/pts/1 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > ttytype=xterm-256color > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION display=:0.0 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > xauthority=/home/echorand/.Xauthority > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > lc-ctype=en_AU.UTF-8 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > lc-messages=en_AU.UTF-8 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- GETINFO version > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> D 2.2.19 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > allow-pinentry-notify > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION > agent-awareness=2.1.0 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID> > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEY <KEY ID> > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEYDESC > Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Saha+<[email protected]>%22%0A256-bit+ECDH+key,+ID+2936DD677ED4C323,%0Acreated+2021-10-02+(main+key+ID+2A18534CA9B35D2B).%0A > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> S INQUIRE_MAXLEN 4096 > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a > 65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ] > 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END > 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a > 76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ] > 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK > 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 <- [eof] > > Appreciate any further debugging tips.
Finally managed to work around it. After a bit of experimentation, I realized that it was mainly gpg failing to decrypt a file on my Linux system (gpg version 2.2.19) which I had encrypted with gpg 2.3.3 on my Mac. So..then i thought, let me try and upgrade to gpg 2.3.3 on Linux. So, I did what anyone who had already spent too much with this would do - I installed Manjaro Linux, hoping to get the 2.3.3 in any of the AURs. Fortunately, the installed version of 2.2.29 just fixed everything. So, here's the summary: Mac: gpg 2.3.3 - where i created my initial password store (git hosted) Linux 1: gpg 2.2.19 (Didn't work) Ubuntu: gpg (GnuPG) 2.2.19 libgcrypt 1.8.5 Copyright (C) 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/echorand/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 Linux 2: gpg 2.2.29 (Worked) Manjaro: gpg (GnuPG) 2.2.29 libgcrypt 1.9.4-unknown Copyright (C) 2021 Free Software Foundation, Inc. License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/echorand/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 I am glad I can continue to use pass. Best Regards, -Amit.
