[pkg-gnupg-maint] Bug#1111810: gnupg: gpg-preset-passphrase doesn't seem to work
Christian Kastner
ckk at debian.org
Fri Aug 22 10:41:12 BST 2025
Package: gnupg
Version: 2.4.7-21
Severity: normal
I have a use case where gpg needs to work non-interactively with a
smartcard (here, a YubiKey).
According to the docs [1], it is possible to seed gpg-agent with
passphrases, using the gpg-preset-passphrase utility.
This requires starting gpg-agent with --allow-preset-passphrase,
which I have done.
However, no matter what I do, I still always get a PIN request.
Steps to reproduce:
1. Add allow-preset-passphrase to $GNUPGHOME/gpg-agent.conf
2. Reload the agent
3. Get the relevant keygrip (here, for a [S]igning subkey):
   $ KEYGRIP="$(gpg --list-secret-keys --with-keygrip | \
       grep -A 1 '\[S\]' | \
       sed -nr 's/.*Keygrip = ([A-F0-9]+)/\1/p')"
4. Seed the agent:
   $ echo "MY_PASSWORD" | \
       /usr/lib/gnupg/gpg-preset-passphrase --preset "$KEYGRIP"
5. Try signing something:
   $ gpg --sign --output /dev/null /dev/null
And the PIN dialog still always appears.
I think I've tried all variations of this: preseeding all available
keygrips with the password (in case I got the wrong one), using FPRs,
using echo -n, etc.
From the various examples I can find on the net, I do feel like I'm
doing everything right.
Best,
Christian
[1]: https://www.gnupg.org/documentation/manuals/gnupg/gpg_002dpreset_002dpassphrase.html
-- System Information:
Debian Release: 13.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.41+deb13-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnupg depends on:
ii dirmngr 2.4.7-21+b3
ii gnupg-l10n 2.4.7-21
ii gpg 2.4.7-21+b3
ii gpg-agent 2.4.7-21+b3
ii gpgsm 2.4.7-21+b3
Versions of packages gnupg recommends:
ii gnupg-utils 2.4.7-21+b3
ii gpg-wks-client 2.4.7-21+b3
ii gpgv 2.4.7-21+b3
Versions of packages gnupg suggests:
pn gpg-wks-server <none>
pn parcimonie <none>
pn xloadimage <none>
-- no debconf information
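
An added example, not part of the original report: a sturdier version of the keygrip lookup in step 3, reading gpg's machine-readable `--with-colons` listing instead of grepping the human-readable one. It also prints where gpg says each secret key is held, taken from field 15 of the `sec`/`ssb` record. The function name `signing_keygrips` and the sample listing are assumptions constructed for illustration.

```sh
# Constructed sample of `gpg --list-secret-keys --with-colons --with-keygrip`
# output. Key IDs, fingerprints, keygrips and the token serial are made up.
SAMPLE_LISTING='sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scSC:::+::ed25519:::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::0000::Example User <user@example.org>::::::::::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::s:::D2760001240100000006123456780000::ed25519::
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000::::::e:::+::cv25519::
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
grp:::::::::3333333333333333333333333333333333333333:'

# Hypothetical helper: read a colon listing on stdin and print one line,
# "<keygrip> <location>", for every secret key that can itself sign.
#   field 12 of sec/ssb: capabilities (lowercase "s" = this key signs)
#   field 15 of sec/ssb: "+" secret key available, "#" bare stub,
#                        otherwise the serial number of the token
#   field 10 of grp:     keygrip of the preceding key record
signing_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            want = ($12 ~ /s/)
            if ($15 == "+")      where = "disk"
            else if ($15 == "#") where = "stub"
            else if ($15 != "")  where = "card"
            else                 where = "unknown"
            next
        }
        $1 == "grp" && want { print $10, where; want = 0 }
    '
}

# Run against the constructed sample. On a real system:
#   gpg --list-secret-keys --with-colons --with-keygrip | signing_keygrips
printf '%s\n' "$SAMPLE_LISTING" | signing_keygrips
```

Unlike the `grep '\[S\]'` pipeline, this also lists a primary key that has the sign capability alongside others, since it matches on the capability field rather than on the exact `[S]` label.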