[pkg-gnupg-maint] Bug#846953: Bug#846953: gpg2 fails to decrypt with "No secret key" but gpg1 succeeds

Ryan Kavanagh rak at debian.org
Mon Dec 5 14:40:38 UTC 2016


Hi Daniel,

On Mon, Dec 05, 2016 at 09:20:09AM -0500, Daniel Kahn Gillmor wrote:
> > rak at zeta:~$ echo "ABC" | gpg -r$GPGKEY1 --encrypt | gpg --debug 8 --decrypt
> 
> do you have GPG_TTY set?  if not, can you retry the first command after
> having done:
> 
>    GPG_TTY=$(tty)

I didn't have it set. Setting it now makes pinentry appear when I try to
decrypt stdin (thanks!), but it unfortunately didn't fix the rest of the
issue, e.g., I still can't decrypt files. (And I still can't decrypt
stdin, though this is likely no longer due to lack of GPG_TTY).

> if you set GPG_TTY then gpg will tell gpg-agent (which will tell
> pinentry-curses) which terminal it should prompt on.

I now get prompted for my passphrase by pinentry-curses on the current
terminal, and entering a bogus passphrase causes pinentry-curses
to complain about a bad passphrase. So there is some checking (hopefully
by gpg-agent!) of the passphrase somewhere along the line:

rak at zeta:/tmp$ killall gpg-agent
rak at zeta:/tmp$ export GPG_TTY=$(tty)
rak at zeta:/tmp$ echo "abc" | gpg -r$GPGKEY --encrypt > abc.gpg && gpg --decrypt abc.gpg
<pinentry-curses shows up and accepts only my valid passphrase>
gpg: encrypted with 10240-bit RSA key, ID 20E0235B0F5E9C64, created 2009-09-24
      "Ryan Kavanagh <rak at debian.org>"
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key
rak at zeta:/tmp$ echo "abc" | gpg -r$GPGKEY --encrypt | gpg --decrypt
<pinentry-curses shows up and accepts only my valid passphrase>
gpg: encrypted with 10240-bit RSA key, ID 20E0235B0F5E9C64, created 2009-09-24
      "Ryan Kavanagh <rak at debian.org>"
gpg: public key decryption failed: End of file
gpg: decryption failed: No secret key
rak at zeta:/tmp$ echo "abc" | gpg -r$GPGKEY --encrypt | gpg --decrypt
<pinentry-curses shows up and 3 bad passphrases result in this:>
gpg: encrypted with 10240-bit RSA key, ID 20E0235B0F5E9C64, created 2009-09-24
      "Ryan Kavanagh <rak at debian.org>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
rak at zeta:/tmp$ env | grep GPG_TTY
GPG_TTY=/dev/pts/7

> Upstream tends to recommend setting GPG_TTY in your .bashrc.

Noted, thanks!

Best wishes,
Ryan

-- 
|_)|_/  Ryan Kavanagh      | GPG: 4E46 9519 ED67 7734 268F
| \| \  https://ryanak.ca/ |      BD95 8F7B F8FC 4A11 C97A