Page MenuHome GnuPG
Create Task
Maniphest T3465

--pinentry-mode loopback with --delete-secret-keys
Closed, ResolvedPublic
Actions

Description

Hello,

the --pinentry-mode loopback doesn't work with --delete-secret-keys, it ends with error "gpg: deleting secret key failed: No pinentry" even if with --export-secret-keys is processed without any issues and passphrase is requested directly in command line

Example:

$ gpg2 --pinentry-mode loopback -a --export-secret-keys F4433F96910C9AC1FEF65A7299A5538C769B6150
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2

lQPGBFnnSl4BCADd1wEBR7xcxBMMEmnQh7WzYe8q1f4meaBY+wes+RVyO6MZogzv
...
kr57Ty7Pvu0jrohVJeVJKJf9e82tbzzQBYldVDW4HTWUkJYBnoDFydt/+HoKJgvn
iA==
=ONaf
-----END PGP PRIVATE KEY BLOCK-----

$ gpg2 --pinentry-mode loopback --delete-secret-keys F4433F96910C9AC1FEF65A7299A5538C769B6150
gpg (GnuPG) 2.1.13; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


sec  rsa2048/99A5538C769B6150 2017-10-18 Box B6FD1270D93C <box-cert@survilla.net>

Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: No pinentry
gpg: deleting secret subkey failed: No pinentry
gpg: F4433F96910C9AC1FEF65A7299A5538C769B6150: delete key failed: No pinentry

This is a problem if I am connected to remote machine and need to remove secret key from keyring.

Details

Version
2.1.13

Revisions and Commits

rG GnuPG
rG20acc7c02265 g10,agent: Support CONFIRM for --delete-key.

Related Objects

Event Timeline

homolkao created this task.Oct 24 2017, 3:04 PM
werner triaged this task as Normal priority.Oct 24 2017, 3:07 PM
werner added a subscriber: werner.

gpg-agent sometimes pops up confirmation dialogs. This can't yet be handled with the loopback pinentry. Try gpg option --batch.

homolkao added a comment.Oct 24 2017, 5:00 PM

Unfortunately --batch option doesn't help, it only suppresses user input.

$ gpg2 --pinentry-mode loopback --batch --delete-secret-keys F4433F96910C9AC1FEF65A7299A5538C769B6150
gpg: deleting secret key failed: No pinentry
gpg: deleting secret subkey failed: No pinentry
gpg: F4433F96910C9AC1FEF65A7299A5538C769B6150: delete key failed: No pinentry

GPG pinentry works well on my Gnome desktop (wellformated form appear) but I have a problem when I need remove secret key (enter passphrase) on remote machine via SSH.
It can be handled with --export why not with --delete-secret-keys?
Is there some fix already? Or roadmap this will be fixed? Or some workaround how can I remove secret key remotely via SSH?

matheusmoreira added a subscriber: matheusmoreira.May 9 2019, 8:55 PM
gniibe claimed this task.May 29 2019, 5:30 AM
gniibe added a subscriber: gniibe.

I wrote a patch in a topic branch: rG108c22c9c50a: g10,agent: Support CONFIRM for --delete-key.
I think that gpg-agent side,

  • agent/call-pinentry.c: This part is good
  • agent/command.c: I wonder if use of status for passing the information of prompt is good or not

Perhaps, we need an improvement in

  • g10/call-agent.c: how to ask user, by cpr_* function with no keyword is good?
  • Currently, only using DESC
  • Only applying to DELETE_KEY command
  • Can be applied also to:
    • PKSIGN
    • PKDECRYPT
matheusmoreira added a comment.May 29 2019, 10:16 AM

I also experienced this issue while testing my --delete-secret-key patches. Passing --pinentry-program /usr/bin/pinentry-tty to the gpg-agent worked around it.

gniibe added a commit: rG20acc7c02265: g10,agent: Support CONFIRM for --delete-key..Jun 4 2019, 2:23 AM
gniibe closed this task as Resolved.Jun 4 2019, 2:24 AM
werner mentioned this in T4667: "gpg: deleting secret key failed: No pinentry" when in --batch mode with --pinentry=loopback.Mar 18 2020, 3:02 PM
gniibe mentioned this in T3366: Secret keys won't delete.Nov 10 2020, 2:39 AM
gniibe merged a task: T3366: Secret keys won't delete.
gniibe added a subscriber: Kelbom68.