gpg: signing failed: Inappropriate ioctl for device for Thunderbird 52.4.0, gnupg-2.1.20, enigmail-1.9.8.3 for PGP encryption/decryption over emails.
Open, NormalPublic

Description

Hi there, I use Funtoo Linux and am using a setup to encrypt/decrypt emails, as described bellow:
The current setup has these versions:
-app-crypt/gnupg-2.1.20 https://paste.pound-python.org/show/J15iQdjEco9R0K8tiFYI/
-mail-client/thunderbird-52.4.0 https://paste.pound-python.org/show/Xa21NGiUhSMZ9qi2sImM/
-app-crypt/pinentry-1.0.0 https://paste.pound-python.org/show/oHxbfVUR6kE6gY5SL2eZ/
-x11-plugins/enigmail-1.9.8.3 No USE flags available.

The issue is arisen whenever I try to send a encrypted/signed message to my recipient or whatsoever.
In Thunderbird->Enigmail->Debugging Options->View log where I was able to identify the related error,

Tests performed
I've identified the following from Enigmail's log:
[GNUPG:] KEY_CONSIDERED 1CB4928C6DD1A3E5532A7666EE6D6ABFAA37553C 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 16750 curses 1.0.0 ? ? ?
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign 83918950
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

It's full log is here https://paste.pound-python.org/show/UJ8j0ARnu9BltCPZB1Cb/

I already tried several related attempts to solve this issue. All without success except the workaround I found here: https://tinyurl.com/ydypezkc
Which describes the following

  1. gpgconf --kill gpg-agent
  2. gpg-agent --daemon
  3. Open Thunderbird (already configured for PGP encryption) and encrypt your email
  4. Behavior is as expected: pinentry will ask your password and the task will be carried out.

After this workaround is applied pinentry will no longer be skipped issuing the related problem.

Details

Version
2.1.20
Lambd0x created this task.Jan 6 2018, 5:11 PM
werner added a subscriber: werner.

This looks more like an Enigmail bug. In particular the manual start of gpg-agent as described in the workaround is useless because gpg-agent is always started as needed. I don't know your OS and thus I do not know whether gpg-agent is used in --supervised mode, as in Debian, or in the default way. What does

gpgconf --list-dirs

give you in the error case?

Hi, Werner.
My OS has everything compiled from sources obtained from devs as they release them. Funtoo Linux is a derivative of Gentoo Linux.
Hence, the default behavior of the software is not altered except when removed some of its features, but I've installed gnupg without alteration.

I agree that gpg-agent is by default started, but it doesn't call pinentry by default after enigmail's request for the PGP encryption/signing process, resulting in the ioctl error (which as I googled discovered to be associated with the pinentry not being identified by gnupg). This error is present in the link I provided to the log in the original post.

The workaround as stated in the link was discovered from an ubuntu user and also works in Funtoo.
It basically forces gpg-agent to restart before using it for the first time, and it works I've tested it myself including the ubuntu user, the link depicted is also in the original post.

The requested output: https://paste.pound-python.org/show/778Ek9DkOHt7cxDE0X17/

werner triaged this task as Normal priority.Apr 17 2018, 7:51 PM

Do you have a chance to try with a more recent pinentry; ie. 1.10 ? This may give better diagnostics.
Another thing I would suggest is to debug the invocation of pinentry: Put

debug-pinentry
debug ipc
verbose
log-file /some/file/some/where

into ~/.gnupg/gpg-agent.conf and gpgconf --kill gpg-agent. Then try again. The problem is likely a permission problem with cureses - it can't access its tty. Did you put

GPG_TTY=$(tty)

into your .bashrc ? (Sorry for taking so long to reply).

No problem :).
Currently I cannot access this newer pinentry release.
My .bashrc is almost default, hence it doesn't have the line you requested.

Where do you want me to issue this?

debug-pinentry
debug ipc
verbose
log-file /some/file/somdebug-pinentry