
Make the error message when pinentry does not have a tty more clear
Open, Normal, Public

Description

Evolution calls gpg2 in a way where stdin is redirected, so there is no tty
(example: echo test | gpg2 --sign --armor -u $USER). If a GUI pinentry is
installed, it properly asks for the passphrase. However, if it is not installed,
the error message is quite cryptic:

gpg: signing failed: Inappropriate ioctl for device

Would it be possible to detect such a situation and provide a more meaningful
error message? Such as 'Missing tty for displaying passphrase entry.'

Details

Version
2.1.x

Event Timeline

More info from our evolution maintainer Milan Crha:

I would rather like to see a fallback on the gnupg2 to instruct the caller that
the password is missing, like it does when gpg-agent is turned off (there was a
use-agent option in the past, maybe only in gpg1?).

The --passphrase-fd option works only in conjunction with the --batch command in
gpg2, but libcamel uses --batch only if no password is needed. The --command-fd
option is used to provide passwords, which worked for years. Really, the
problem is that gpg2 doesn't claim that it requires a password; it simply fails,
because gpg-agent failed when it was supposed to ask for the password.

werner added a subscriber: werner.

GnuPG 2.1 requires the agent and thus the Pinentry. --use-agent is thus a
no-op. The Pinentry can be replaced by the --pinentry-mode=loopback but I don't
think that this is a good idea.

2.1.17 along with pinentry 1.0 does much better error reporting for badly
configured systems (e.g. an incompletely installed GCR when using pinentry-gnome,
or a missing GPG_TTY for the curses fallback).

Too much time has passed since I worked with Jeffrey to fix gpg problems in Evo.
I can't even remember whether Evo uses GPGME (which I would strongly suggest).
Anyway, Milan may ask for advice on gnupg-devel and I will take care that the
GnuPG team helps him to get things fixed. He might also chime in on gnupg-devel at
conference.jabber.gnupg.org
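
A caller-side preflight for the situation in this report, as an added example that is not GnuPG or Evolution code. It assumes only a terminal (curses) pinentry is installed, which is the failing case described above; the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example: decide, before invoking gpg2, whether a terminal pinentry
# could prompt at all. Function names and status words are hypothetical.

# True when the given path can be opened and refers to a terminal.
is_terminal() {
    [ -n "$1" ] || return 1
    { [ -t 0 ] <"$1"; } 2>/dev/null
}

# Prints one status word and returns:
#   0 "ok"        GPG_TTY already names a usable terminal
#   2 "derivable" GPG_TTY is unusable, but stdin is a terminal, so
#                 GPG_TTY=$(tty) would fix it
#   1 "missing"   stdin is a pipe or file and GPG_TTY gives no terminal
pinentry_tty_status() {
    if is_terminal "${GPG_TTY:-}"; then
        echo ok; return 0
    fi
    if [ -t 0 ]; then
        echo derivable; return 2
    fi
    echo missing; return 1
}

# Wrapper that fails early with the message the report asks for, instead of
# letting gpg2 end with "Inappropriate ioctl for device".
sign_with_preflight() {
    status=$(pinentry_tty_status) || true
    case $status in
        ok) ;;
        derivable) GPG_TTY=$(tty); export GPG_TTY ;;
        *) echo 'Missing tty for displaying passphrase entry.' >&2
           return 1 ;;
    esac
    gpg2 --sign --armor "$@"
}

# Usage (data on stdin, as in the report):
#   echo test | sign_with_preflight -u "$USER"
```

On a system with a working GUI pinentry this check is too strict, since that pinentry does not need a terminal.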