[pkg-gnupg-maint] Bug#836772: Bug#836772: gnupg: unable to sign anyone's keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 5 23:15:39 UTC 2016 

Control: tags 836772 + moreinfo
Control: retitle 836772 gnupg: pinentry returns permission denied

Hi Ramakrishnan--

Thanks for the detailed report!

On Mon 2016-09-05 11:24:52 -0400, Ramakrishnan Muthukrishnan wrote:
> rkrishnan at ken:~$ gpg --sign-key ben
>
> pub  rsa4096/E7BFC8EC95861109
>      created: 2009-07-12  expires: never       usage: SC  
>      trust: unknown       validity: unknown
> sub  rsa4096/CF0469521357C3D7
>      created: 2009-07-12  expires: never       usage: E   
> [ unknown] (1). Ben Hutchings (DOB: 1977-01-11)
> [ unknown] (2)  Ben Hutchings <benh at debian.org>
> [ unknown] (3)  Ben Hutchings <ben at decadent.org.uk>
>
> Really sign all text user IDs? (y/N) y
> gpg: using "EB46CA9A" as default secret key for signing
>
> pub  rsa4096/E7BFC8EC95861109
>      created: 2009-07-12  expires: never       usage: SC  
>      trust: unknown       validity: unknown
>  Primary key fingerprint: AC2B 29BD 34A6 AFDD B3F6  8F35 E7BF C8EC 9586
>      1109
>
>      Ben Hutchings (DOB: 1977-01-11)
>      Ben Hutchings <benh at debian.org>
>      Ben Hutchings <ben at decadent.org.uk>
>
> Are you sure that you want to sign this key with your
> key "Ramakrishnan Muthukrishnan <rkrishnan at debian.org>"
> (CF64CD61EB46CA9A)
>
> Really sign? (y/N) y
> gpg: signing failed: Permission denied
> gpg: signing failed: Permission denied
>
> Key not changed so no update needed.
 [...]
> write(7, "PKSIGN", 6)                   = 6
> write(7, "\n", 1)                       = 1
> read(7, "INQUIRE PINENTRY_LAUNCHED 31248\n", 1002) = 32
> write(7, "END", 3)                      = 3
> write(7, "\n", 1)                       = 1
> read(7, "ERR 83918849 Permission denied <"..., 1002) = 42

This suggests that the problem you're seeing is pinentry rejecting your
signature.  What version(s) of pinentry do you have installed and what
is your default?

   dpkg -l 'pinentry-*'
   readlink -f $(which pinentry)
   grep -i pinentry ~/.gnupg/*.conf

Is all your work being done within an X11 session, or are you connecting
to this machine via ssh or a text-mode terminal?  if X11, what graphical
environment are you using (e.g. gnome, kde, etc)?

            --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160905/74bc5d03/attachment-0001.sig>

More information about the pkg-gnupg-maint mailing list