[pkg-gnupg-maint] Bug#787690: Bug#787690: pinentry-gtk2: always fails with "No passphrase given"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 4 23:59:22 UTC 2015


Hi Brian--

On Thu 2015-06-04 19:22:09 -0400, brian m. carlson wrote:
> I have some more debugging information.  I've rebuilt the package with
> debugging statements and have determined that the return value from
> gtk_secure_entry_get_text (around pinentry-gtk-2.c:189) is a string
> consisting of literally 0 characters (entry line s):
>
>   want_pass: 1
>   s 0x7fc1a343ea28 (len 0)
>   passphrase_ok: 1
>   pin 0x7fc1a343e188 (len 0)
>
> So gpg-agent is correct when it says "No passphrase given".  I'm not
> clear on why this is happening.
>
> This is completely reproducible with a passphrase of 32 characters or
> more.  Apparently my passphrase is unreasonably secure.  Typing a
> passphrase of "passwordpasswordpasswordabcdefgh" (exactly 32 characters,
> but not my passphrase, of course) causes a failure, while leaving off
> the last character (resulting in 31 characters) results in a bad
> passphrase error.

Yikes, i can confirm this.  Thanks for the report.

Interestingly, if i paste a string of 34 characters into pinentry-gtk-2,
it works fine.  It's only if i type them one at a time that the failure
happens.

Temporary workaround while i sort this out with upstream:

  * you can try installing pinentry-gnome3, which will use the gcr
    message prompting, or pinentry-qt4 if you prefer the qt toolkits.


Further debugging techniques, if you want, without worrying about
strings being sent to gpg or gpgsm:

 0) invoke pinentry manually from the command line, and type "getpin" at
    its prompt.

 1) this should display a simplified passphrase dialog (via whatever
     mechanism you've selected).  When you've clicked "OK" or enter, it
     should echo whatever you type back in the terminal.

 2) when you're done playing with it, ctrl-d in the terminal should quit
    pinentry and leave you back at the shell.

Here's a transcript from me playing with it:

0 dkg at alice:~$ pinentry-gtk-2 
OK Your orders please
getpin
OK
getpin
D 123456789012345678901234567890123
OK
getpin
ERR 83886179 canceled
0 dkg at alice:~$

That's me typing a 33-char passphrase manually into the dialog, then
pasting the passphrase, then hitting cancel, running "getpin" each time
to get a new dialog.

   --dkg



More information about the pkg-gnupg-maint mailing list