Page MenuHome GnuPG

Pinentry doesn't capture input correctly, crashes terminal instead
Open, NormalPublic

Description

Expected Behavior

When decrypting a duplicati backup, I can enter my private key passphrase into pinentry.

Actual Behavior

Pinentry does not capture the input correctly, so I can't enter my password. Instead, the terminal crashes and produces gibberish. The mode of entering stars is sometimes on, sometimes off; when opening vim in the same shell afterwards, sometimes i is not parsed as "insert mode" anymore, instead a * is written to the top left of the screen (but not into the file). reset does not help, only closing the shell is helping.

I tested it both with the normal ssh shell and with tmux.

Steps to reproduce

  1. ssh into the server
  2. export GPG_TTY=$(tty)
  3. duplicati-cli backup webdav://owncloud.test.org/remote.php/dav/files/staging/ duplicati_2.0.3.3-1_all.deb --auth-password=test --auth-username=test --use-ssl --encryption-module=gpg --gpg-encryption-command=--encrypt --gpg-encryption-switches=--recipient\ "test@test.org" --passphrase=unused --prefix=testgpg4
  4. duplicati-cli restore webdav://owncloud.test.org/remote.php/dav/files/staging/ --auth-password=test --auth-username=test --use-ssl --encryption-module=gpg --gpg-encryption-command=--decrypt --passphrase=unused --prefix=testgpg4
  5. Try to enter passphrase into prompt
  6. At some point, give up and press ctrl+c
  7. while some of the entered chars are randomly turned into *, open vim
  8. press a for a while, press enter once, press a for a while again, when it says "--insert--" at the bottom, press enter again
  9. see the pinentry shell again, which tells you that you have 2 tries left for the passphrase
  10. enter the passphrase correctly
  11. see how it goes back to the duplicati shell, but does nothing for at least 10 minutes (I'm keeping you updated if this changes.)

Screenshots

before it loads the pinentry prompt:

!screenshot_2018-10-19_17-52-02

first pinentry does not capture the input:

!screenshot_2018-10-19_18-58-31

at some point it captures random letters (but not all), until you finish the process with ctrl+c:

!screenshot_2018-10-19_18-59-00

Even if you reset the terminal, it randomly changes some letters you enter into *, they even jump to the imaginary line in the center of the screen:

!screenshot_2018-10-19_18-59-00

And even inside vim:

!screenshot_2018-10-19_19-04-08

But if you press the right keys, you suddenly glitch back into pinentry:

!screenshot_2018-10-19_20-06-32

And if you enter the passphrase correctly, you see the duplicati shell again, but it's frozen:

!screenshot_2018-10-19_20-08-55

What a ride.

Related

issue in the duplicati issue tracker: https://github.com/duplicati/duplicati/issues/3446

Details

External Link
https://github.com/duplicati/duplicati/issues/3446
Version
pinentry 1.0.0

Event Timeline

Thanks for the reporting templates; would mind to fill in some bug details?

b3yond set External Link to https://github.com/duplicati/duplicati/issues/3446.
b3yond set Version to pinentry 1.0.0.
b3yond updated the task description. (Show Details)
b3yond updated the task description. (Show Details)

Sorry, pressed enter too early. the bug report is complete so far. I guess it is a lot of work to reproduce, so I'd try to be very responsive instead.

Almost the same bug also happens with pinentry-tty.

Steps to reproduce

  1. sudo apt remove pinentry-curses
  2. sudo apt install pinentry-tty
  3. export GPG_TTY=$(tty)
  4. duplicati-cli restore webdav://owncloud.test.org/remote.php/dav/files/staging/ --auth-password=test --auth-username=test --use-ssl --encryption-module=gpg --gpg-encryption-command=--decrypt --passphrase=unused --prefix=testgpg4
  5. Try to enter passphrase into prompt, press enter

Expected Behavior

now * should appear, so you can see how much you already entered. When I press enter, I expect duplicati to continue the restore process.

Actual Behavior

Nothing appears; and pressing enter does not work either. When you press ctrl+c, nothing happens. you can only get out of it through ctrl+z, but then still you can't type any characters into the shell.

Original issue (of pinentry-curses, which should be killed by CTRL-C) is related to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry, I suppose. It is fixed in master and testing.
I don't know about the second one with pinentry-tty.

werner triaged this task as Normal priority.Apr 23 2019, 1:36 PM