Page MenuHome GnuPG

gpg 2.1.2 with pinentry-curses prompts for passphrase when adding subkeys
Closed, ResolvedPublic

Description

Built gpg 2.1.2 sources on knoppix 7.2 live dvd, built pinentry0.9.0 with
curses support only. Generated an rsa (sign only) key prompts for passphrase
as usual. When adding a elgamal subkey, it asks for passphrase to unlock as
expected, but then it asks for a new passphrase and if you cancel then the key
does not get generated. You have to enter a passphrase as if you creating a
new key to generate the subkey. Thereafter modifying the key prompts for the
main key passphrase as well as the subkey. Sometimes the pinentry dialog
displays -large number of 3 attempts remaining.

Details

Version
2.1.2

Event Timeline

Sure it asks for a passphrase when adding a subkey. The passphrase is required
to a) protect the passphrase and b) to create a key-binding signature.

I might have not fully understood your report. In that case please describe it
again step by step.

werner lowered the priority of this task from Unbreak Now! to Normal.Feb 23 2015, 3:20 PM

Yes it asks for the passphrase to unlock the keyring, nut when i want to generate
a key, it asks me for the passphrase to unlock the keyring which i provide, then
it follows up with a "enter a new passphrase" dialog. If i cancel said dialog then
it does not allow me to generate and add the key.

So you mean gpg should use the passphrase of the main key for the new subkey as
well, right?

This could be done but it won't allow to use a different passphrase for the
subkey. If that is a regression from 2.0 this should be considered a bug, else
a a "whish".

In the last non modern version (i downgraded) after the 2.1.2 problem, 2.0.27,
when i generated a new subkey, the only passphrase asked was to unlock the private
key, it never prompted me for another passphrase for the subkey.

Thank. I was not sure about this. Thus I need to re-use the passphrase for
subkey generation (this is a bit complicated but reuidred to remove this
regression).

I could attach some screen shots if that may be of any help.

Some time passed. Did you tried with a newer version (2.1.10 is current)?

My original problem was that when generating one signing key with gnupg stable aka 2.0.29 and adding a seperate encryption subkey it only asked for my passphase to unlock the master secret key.

But when I do the same with gnupg modern ver 2.1.8 and add an encryption subkey, its prompts me for a password and upon entering a password, its prompts for the password to unlock the secret key. So there are two password prompts in the modern version. Why do I have to enter a password for the subkeys? Is it a feature of the modern gnupg?

I have downgraded to stable version 2.0.29 as a result. I have not tested the latest version as suggested 2.1.10.

------Original Message------

From: Werner Koch via BTS

To: Mr Pratish Surendra Neerputh

To: wk@gnupg.org

ReplyTo: GnuPG's BTS

ReplyTo: GnuPG's BTS

Subject: [issue1848] gpg 2.1.2 with pinentry-curses prompts for passphrase when adding subkeys

Sent: Jan 15, 2016 17:47

Werner Koch <wk@gnupg.org> added the comment:

Some time passed. Did you tried with a newer version (2.1.10 is current)?


GnuPG's BTS <gnupg@bugs.g10code.com>

<T1848>


I have tried version 2.1.9 as I couldn't get the latest version. It still prompts for a password when adding a subkey, I have also seen this behaviour with a windows binary. It does not seem to affect signing or encryption as signing still just requires the passphrase for the master key.
------Original Message------
From: Werner Koch via BTS
To: Mr Pratish Surendra Neerputh
To: wk@gnupg.org
ReplyTo: GnuPG's BTS
ReplyTo: GnuPG's BTS
Subject: [issue1848] gpg 2.1.2 with pinentry-curses prompts for passphrase when adding subkeys
Sent: Jan 18, 2016 09:46

Werner Koch <wk@gnupg.org> added the comment:

It is a bug and not a feature.


GnuPG's BTS <gnupg@bugs.g10code.com>
<T1848>


I have tested 2.1.10, same behaviour asking for a password for the subkey.
------Original Message------
From: Werner Koch via BTS
To: Mr Pratish Surendra Neerputh
To: wk@gnupg.org
ReplyTo: GnuPG's BTS
ReplyTo: GnuPG's BTS
Subject: [issue1848] gpg 2.1.2 with pinentry-curses prompts for passphrase when adding subkeys
Sent: Jan 18, 2016 09:46

Werner Koch <wk@gnupg.org> added the comment:

It is a bug and not a feature.


GnuPG's BTS <gnupg@bugs.g10code.com>
<T1848>


marcus claimed this task.
marcus added a subscriber: marcus.

I tested this with "--full-gen-key" (RSA sign only) and "--edit-key"/"addkey" (ElGamal encrypt key) and at the second step it only asks once to unlock the key.