- Package: pinentry-qt4
- Source: pinentry
- Submitter: "Boyd Stephen Smith Jr."
- Date: 2019-11-15 14:33:03 UTC
- Severity: important
After installing pinentry-qt4 package, and removing the other pinentry packages, making sure my alternatives were correct, and editing my .gnupg/gpg-agent.conf file, I am unable to sign email in KMail, edit encrypted files using vim, or simply sign a file using the gpg command.

bss@monster:~% aptitude search pinentry
v   pinentry         -
p   pinentry-curses  - curses-based PIN or pass-phrase entry dial
i A pinentry-doc     - documentation for pinentry packages
p   pinentry-gtk     - GTK+-based PIN or pass-phrase entry dialog
p   pinentry-gtk2    - GTK+-2-based PIN or pass-phrase entry dial
p   pinentry-qt      - Qt-3-based PIN or pass-phrase entry dialog
i   pinentry-qt4     - Qt-4-based PIN or pass-phrase entry dialog
v   pinentry-x11     -
bss@monster:~% grep pin .gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-qt4
bss@monster:~% ls -l /usr/bin/pine*
lrwxrwxrwx 1 root root 26 2010-04-09 14:00 /usr/bin/pinentry -> /etc/alternatives/pinentry
-rwxr-xr-x 1 root root 153360 2010-03-18 17:30 /usr/bin/pinentry-qt4
lrwxrwxrwx 1 root root 30 2010-04-09 14:00 /usr/bin/pinentry-x11 -> /etc/alternatives/pinentry-x11
bss@monster:~% ls -l /etc/alternatives/pine*
lrwxrwxrwx 1 root root 21 2010-04-09 14:00 /etc/alternatives/pinentry -> /usr/bin/pinentry-qt4
lrwxrwxrwx 1 root root 37 2010-04-09 14:00 /etc/alternatives/pinentry.1.gz -> /usr/share/man/man1/pinentry-qt4.1.gz
lrwxrwxrwx 1 root root 21 2010-04-09 14:00 /etc/alternatives/pinentry-x11 -> /usr/bin/pinentry-qt4
lrwxrwxrwx 1 root root 37 2010-04-09 14:00 /etc/alternatives/pinentry-x11.1.gz -> /usr/share/man/man1/pinentry-qt4.1.gz
bss@monster:~% gpg -s Casecade.deck

You need a passphrase to unlock the secret key for
user: "Boyd Stephen Smith Jr. <bss@iguanasuicide.net>"
1024-bit DSA key, ID B1B54059, created 2007-02-06

gpg: problem with the agent - disabling agent use
bss@monster:~%

KMail pops up a "Bad Passphrase" error dialog without ever prompting me for a passphrase.
vim also fails to decrypt a file when I attempt to edit it, but it does ask for a passphrase:

bss@monster:~% vim credentials.gpg
The GPG_TTY is not set!
"credentials.gpg" [noeol][converted] 9L, 2011C

You need a passphrase to unlock the secret key for
user: "Boyd Stephen Smith Jr. <bss@iguanasuicide.net>"
4096-bit ELG-E key, ID 9EB2BCC2, created 2007-02-06 (main key ID B1B54059)

shell returned 2

9 lines filtered
Message could not be decrypted!
(Press ENTER)
Hello, Boyd.

I see that you're not showing your full gpg-agent.conf. Could it be possible that you're having a lc_message parameter in it?

I've been debugging this for hours, and finally came up with the following discovery:

gpg-agent.conf:

no-grab
pinentry-program /usr/bin/pinentry-qt4
default-cache-ttl 7200
#lc-messages "es_ES.UTF-8"
lc-ctype "es_ES.UTF-8"

Works! See?

ender@polgara:~/debian/random_package$ debsign
signfile ../random_package-1.dsc David Martínez Moreno <ender@debian.org>

You need a passphrase to unlock the secret key for
user: "David Martínez Moreno <ender@debian.org>"
1024-bit DSA key, ID 0D62001B, created 2001-03-12

gpg: cancelled by user

But if I uncomment 'lc_message' parameter:

no-grab
pinentry-program /usr/bin/pinentry-qt4
default-cache-ttl 7200
lc-messages "es_ES.UTF-8"
lc-ctype "es_ES.UTF-8"

And rerun the agent, it fails when connecting:

ender@polgara:~/debian/random_package$ debsign
signfile ../random_package-1.dsc David Martínez Moreno <ender@debian.org>

You need a passphrase to unlock the secret key for
user: "David Martínez Moreno <ender@debian.org>"
1024-bit DSA key, ID 0D62001B, created 2001-03-12

gpg: problem with the agent - disabling agent use <<<<<<<<<<<<<<< See?
Enter passphrase:
gpg: Interrupt caught ... exiting
debsign: gpg error occurred! Aborting....

Just as a note, this is also broken for me with pinentry-qt.

Best regards,

Ender.
I also get this bug - today I finally researched into and set up
Enigmail and gpg, yet it failed to generate a revocation certificate
and later send an encrypted/signed mail - bad passphrase or key
couldn't be found.
After some research I was lucky to find out about the pinentry
programs - currently the following are available here:
=================================================================
  Selection    Path                      Priority   Status
------------------------------------------------------------
* 0            /usr/bin/pinentry-qt4      95        auto mode
  1            /usr/bin/pinentry-gtk-2    85        manual mode
  2            /usr/bin/pinentry-qt4      95        manual mode
=================================================================
pinentry-qt4 fails completely to prompt me for a password, but when I
change to pinentry-gtk-2, things work fine.
My gpg-agent.conf is very boring:
===============================================================
###+++--- GPGConf ---+++###
default-cache-ttl 300
max-cache-ttl 3000
###+++--- GPGConf ---+++### Thu 20 Feb 2014 21:06:05 GMT
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.
===============================================================
So I don't think it is a locale issue here (en_GB.utf8 for reference).
A normal user would not have known what to do with no passphrase
prompts appearing so this is a serious problem.
Debian Release: jessie/sid
990 testing security.debian.org
990 testing ftp.uk.debian.org
500 unstable ignorantguru.github.com
500 unstable ftp.uk.debian.org
500 quodlibet-unstable www.student.tugraz.at
1 experimental ftp.uk.debian.org
--- Package information. ---
Depends (Version) | Installed
===================================-+-===================
libc6 (>= 2.14) |
libgcc1 (>= 1:4.1.1) |
libncursesw5 (>= 5.6+20070908) |
libqtcore4 (>= 4:4.7.0~beta1) |
libqtgui4 (>= 4:4.5.3) |
libstdc++6 (>= 4.1.1) |
libtinfo5 |
Package's Recommends field is empty.
Suggests (Version) | Installed
===========================-+-===========
pinentry-doc |
--
Libre software on Github: https://github.com/OmegaPhil
FSF member #9442
I can't reproduce this, and I can't explain it. A couple of things to try: Try running pinentry-qt4 independently of gpg. Just start it and enter GETPIN at the prompt, and see if a window appears. Also check your login setup to make sure that the environment variables GPG_TTY and/or GPG_AGENT_INFO are set correctly. Although that wouldn't explain why pinentry-gtk-2 works. There could be other environment variables or settings that affect Qt but not Gtk. Testing the programs separately, as described above, might clarify that.
When I run pinentry-qt4 separately, I get a dialog, entering 'lol' produces:

===================================================================
OK Your orders please
GETPIN
Bus::open: Can not get ibus-daemon's address.
IBusInputContext::createInputContext: no connection to ibus-daemon
D lol
OK
===================================================================

On the bash shell I'm looking at, GPG_TTY is unset, GPG_AGENT_INFO is set to /tmp/gpg-GZ1n2z/S.gpg-agent:27908:1 - gpg-agent is running with that process ID.

For reference I use XFCE4, not KDE. Enigmail still breaks completely when /usr/bin/pinentry-qt4 'auto mode'/'manual mode' is set.

During desktop startup, the only gpg error I can see is (which is hopefully trivial):

=======================================================================
xfce4-session-Message: ssh-agent is already running; starting gpg-agent without ssh support
=======================================================================

Thanks
Control: tags 577737 + moreinfo unreproducible

i haven't been able to reproduce this reported problem with pinentry-qt4 or its current equivalent pinentry-qt.

Is this still a problem with 0.9.7-6 in debian unstable or 0.9.7-5 in debian testing? Is there a straightforward way to reproduce the problem? Is it an issue with DBUS_SESSION_BUS_ADDRESS perhaps?
Since that point, I have uninstalled pinentry-qt4 and have happily been using pinentry-gtk-2.

Installing pinentry-qt (0.9.7-5) and switching to it via alternatives results in the following error dialog coming up 4 times in succession from Enigmail:

=====================================================================
GnuPG cannot query your passphrase via pinentry.

This is a system setup or configuration error that prevents Enigmail from working properly and cannot be fixed automatically.

We strongly recommend that you consult our support web site at https://enigmail.net/faq.
=====================================================================

The real error comes out in ~/.xsession-errors:

=====================================================================
gpg-agent[7019]: can't connect to the PIN entry module '/usr/bin/pinentry': End of file
gpg-agent[7019]: failed to unprotect the secret key: No pinentry
gpg-agent[7019]: failed to read the secret key
gpg-agent[7019]: command 'PKDECRYPT' failed: No pinentry
=====================================================================

Manually calling pinentry seems to work:

=====================================================================
OK Pleased to meet you
GETPIN
D lol
OK
=====================================================================

So it's still effectively useless.
Note that I'm no longer running Debian Testing but Devuan Testing, however the pinentry package is unchanged.
I'm still baffled. i followed exactly the steps that you did and the QT prompt shows up for me :( What version of enigmail are you running? where did you get it from? can you turn on debug-pinentry in your dirmngr.conf and see what it says?
Enigmail is v1.9.5 via Get Addons (rather than the Debian package).

I started playing with dirmngr.conf but then I realised you meant gpg-agent.conf ;). As soon as I did a killall to have gpg-agent load the new configuration and try again, it worked - I know that gpg2 stuff has updated recently, and my uptime is ~11d, so perhaps the update scripts don't kill off gpg-agent when there's some incompatible change?

Thanks
thanks, yes, you are correct :) That's right, the package upgrade scripts make no attempt to restart long-running user processes, for reasons i suspect you can imagine :) Can you review /var/log/dpkg.log to see what versions of gpg-agent you might have been running initially? I'm glad it's working for you now, anyway, though i'm still in the dark as to why it wasn't working for you before.
Latest mentions of gnupg-agent:

=================================================
/var/log/dpkg.log:2016-10-02 08:11:27 upgrade gnupg-agent:amd64 2.1.11-7 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:11:27 status half-configured gnupg-agent:amd64 2.1.11-7
/var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.11-7
/var/log/dpkg.log:2016-10-02 08:11:27 status half-installed gnupg-agent:amd64 2.1.11-7
/var/log/dpkg.log:2016-10-02 08:11:27 status half-installed gnupg-agent:amd64 2.1.11-7
/var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:12:41 configure gnupg-agent:amd64 2.1.15-3 <none>
/var/log/dpkg.log:2016-10-02 08:12:41 status unpacked gnupg-agent:amd64 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:12:41 status unpacked gnupg-agent:amd64 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:12:41 status half-configured gnupg-agent:amd64 2.1.15-3
/var/log/dpkg.log:2016-10-02 08:12:41 status installed gnupg-agent:amd64 2.1.15-3
=================================================

2.1.11-7 is mentioned as an upgrade on 25.04.16.
You wrote ~11d on the 13th. This upgrade is from the 2nd, ~11d before the report. Can you tell me whether this upgrade happened before or after the boot that led you into the 11d uptime? If it happened after then yes, you were most likely running the older gpg-agent without restarting it, which would explain the failures you saw. fwiw, gpg should provide warning messages to stderr if it discovers it's talking to an older agent, but if you only accessed it through enigmail maybe those warning messages weren't propagated through to where you could easily see them.
No, 'old gpg-agent was running' doesn't seem to be the right explanation for this. The upgrade happened at 2016-10-02 08:11:27, however October the 2nd looks like monthly reboot day, since there was a reboot from a v4.5 kernel into v4.6 at 19:35:49, and then v4.7 at 19:40:19 (I'm running v4.7.5-1 atm). I'd like to say that any complaints from gpg-agent would cause that Enigmail dialog to pop up, e.g. the 4 repeats of the dialog originally suggestively match the 4 lines reported to .xsession-errors.
Thanks.
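
The stale-agent question discussed in the thread (was the running gpg-agent started before the gnupg-agent upgrade recorded in dpkg.log?) can be checked mechanically. The script below is an added example, not code from the bug log, GnuPG or Debian; the function names and the two agent start times in the demo are constructed, and `process_start` assumes procps `ps` and GNU `date`.

```shell
#!/bin/sh
# Added example: was gpg-agent started before the last package upgrade that
# dpkg.log records? All timestamps use dpkg's "YYYY-MM-DD HH:MM:SS" format.

# Sample input: dpkg.log lines quoted in the thread, without grep's file prefix.
sample_log() {
    cat <<'EOF'
2016-10-02 08:11:27 upgrade gnupg-agent:amd64 2.1.11-7 2.1.15-3
2016-10-02 08:11:27 status unpacked gnupg-agent:amd64 2.1.15-3
2016-10-02 08:12:41 configure gnupg-agent:amd64 2.1.15-3 <none>
2016-10-02 08:12:41 status half-configured gnupg-agent:amd64 2.1.15-3
2016-10-02 08:12:41 status installed gnupg-agent:amd64 2.1.15-3
EOF
}

# Read a dpkg log on stdin; print when package $1 last reached "installed".
last_installed() {
    awk -v pkg="$1" '
        $3 == "status" && $4 == "installed" {
            split($5, name, ":")              # drop the ":amd64" suffix
            if (name[1] == pkg) ts = $1 " " $2
        }
        END { if (ts != "") print ts }'
}

# Succeeds when timestamp $1 is earlier than $2 (the format sorts as text).
earlier() {
    LC_ALL=C awk -v a="$1" -v b="$2" 'BEGIN { exit !((a "") < (b "")) }'
}

# Start time of a running process, in the same format as dpkg.log.
process_start() {
    date -d "$(ps -o lstart= -p "$1")" '+%Y-%m-%d %H:%M:%S'
}

# Read a dpkg log on stdin; $1 = package name, $2 = agent start time.
check_agent() {
    upgraded=$(last_installed "$1")
    if [ -z "$upgraded" ]; then echo "no-upgrade-recorded"
    elif earlier "$2" "$upgraded"; then echo "stale"
    else echo "current"
    fi
}

# Demo with constructed start times: one after the evening reboot reported in
# the thread, one from the day before the upgrade.
sample_log | check_agent gnupg-agent '2016-10-02 19:41:00'
sample_log | check_agent gnupg-agent '2016-10-01 09:00:00'

# Live use on a Debian system:
#   pid=$(pgrep -u "$(id -u)" -x gpg-agent | head -n 1)
#   check_agent gnupg-agent "$(process_start "$pid")" < /var/log/dpkg.log
```

A "stale" result means the agent predates the upgrade and should be restarted before debugging further; dpkg.log is rotated, so an older upgrade may only appear in /var/log/dpkg.log.1 or its compressed successors.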