[pkg-gnupg-maint] Bug#850708: Bug#850708: gpg: decryption failed: No secret key

Vincent Lefevre vincent at vinc17.net
Tue Jan 10 03:08:09 UTC 2017 

On 2017-01-09 18:00:14 -0500, Daniel Kahn Gillmor wrote:
> On Mon 2017-01-09 10:02:20 -0500, Vincent Lefevre wrote:
> > Since the latest upgrade:
> >
> > * When I open a .gpg file with Emacs:
> >
> > * With "gpg -d note.gpg", same errors:
> >
> > gpg: AES encrypted data
> > gpg: cancelled by user
> > gpg: encrypted with 1 passphrase
> > gpg: decryption failed: No secret key
> >
> > The errors are immediate and 100% reproducible.
> 
> is this with a symmetrically-encrypted file, or with a file that is
> encrypted with a public key?

note.gpg: GPG symmetrically encrypted data (AES cipher)

> I'm unable to reproduce this problem.
> 
> what pinentry are you using?

pinentry-gtk-2

No problems with pinentry-curses.

> how is your pinentry launched or managed?

I don't know. I suppose that's gpg-agent that starts it.

> what happens if you do:
> 
>     gpg-connect-agent 'get_passphrase cacheval123 errorrmsg leadprompt description' /bye
> 
> this *should* throw up a password prompt in your graphical display.

Most of the time:

zira:~> gpg-connect-agent 'get_passphrase cacheval123 errorrmsg leadprompt description' /bye
ERR 83886179 Operation cancelled <Pinentry>

Sometimes a pinentry window appears.

> you can clear the same cached passphrase with:
> 
>     gpg-connect-agent 'clear_passphrase cacheval123' /bye

If I do that first, I get the same error.

Same problem if I use a wrapper:

#!/bin/sh
exec /usr/bin/pinentry-gtk-2 "$@"

but if I use strace:

#!/bin/sh
exec strace -f -tt -o /home/vinc17/str.out /usr/bin/pinentry-gtk-2 "$@"

I can't reproduce the problem. :(

If I use

#!/bin/sh
exec /usr/bin/pinentry-gtk-2 "$@" 2> /tmp/stderr

I get in /tmp/stderr:

** (pinentry-gtk-2:2711): WARNING **: it took 16 tries to grab the keyboard

** (pinentry-gtk-2:2711): CRITICAL **: could not grab pointer: already grabbed (1)

Perhaps the problem. Couldn't gpg-agent capture pinentry's standard
error to give it back to the user in case of error?

If I add strace to make it work, then /tmp/stderr is empty.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

More information about the pkg-gnupg-maint mailing list