I can confirm that the patch from the referenced commit fixes the issue. Thanks for the quick action!

thanks for the report. I've commited a different fix 0e2e53c8987d6f236aaef515eb005e8e86397fbc which also should solve the problem.

Adding the patch here.

Thanks for all the fixes! I can confirm commit dad35d65f05eb1c15589a7e4755dcae6aed2d6cf works just fine on all my machines (Linux & macOS).

gpg-agent side is fixed to relax the error handling.

I pushed the fix. Thanks for your cooperation.

Thanks for further testing.
I realized that it's not the left border drawing problem in fact, but the newline should be between the description and passphrase line.
I'm going to fix this.

Thanks for the further fix! With that only a minor hiccup remains:

Thanks for the update! With git-master, the toy example above works fine. However, pinentry-curses seems to hang with real commands from gpg. Here is an example:

$ ./curses/pinentry-curses 
OK Pleased to meet you
SETDESC 請輸入密語來解鎖 OpenPGP 私鑰:%0A%22Chih-Hsuan Yen <yan12125@gmail.com>%22%0A3072 位元長的 DSA 金鑰, ID F98EF2A7B0A098AE,%0A建立於 2018-04-25 (主要金鑰 ID 3FDDD575826C5C30).%0A
OK
SETPROMPT 密語:
OK
GETPIN

(CPU usage of ./curses/pinentry-curses goes > 90%)

I pushed the change to master.
Please test.

Well in my browser (Firefox) the dialogs are not rendered correctly. Here are the two dialogs in the terminal:

Thanks for the feedback, @werner. I think I understand the reasons that we've gotten to this place -- but that doesn't mean i think it's ok to stay here. In this bug report, i'm pointing out that the documentation and the feedback/error reporting is misleading, which leads to difficulty in debugging. We need to do something about it.

pinentry-gnome has no grab support. However, it needs to accept that option so that gpg-agent does not error out. We want to have the same global options for all pinentries. Whether they work depends on the pinentry and other parameters. For example when falling back to curses grab won't work in any pinentry.

I note that this is likely happening because we are using gcr's system-modal prompter. I haven't looked into whether it's even possible to use gcr in a non-system-modal way, but i'd welcome pointers.

No worries -- you led me in the direction of a solution when you mentioned loopback mode. I appreciate your time and your help!

Sorry, I responded in a mode of "tracking a bug to fix soonish". I should have changed my mode into showing HOWTO.
Thanks for sharing useful link.

I found these instructions for pinentry loopback in Emacs, and they worked!

When you can configure it properly, there is a way to workaround it.

For (1): it is broken out-of-the-box, that would be true. When you can configure it properly, there is a way to workaround it. Well, I admit, it's not yet perfect.

Thank you for that analysis. I don't understand some of the parts (because I don't know anything about pinentry), but I do have some questions.

Thanks for your report. The symptom you have could be only solved by using pinentry loopback mode, or using some special pinentry for CLI, I suppose. pinentry-tty is not sufficient for this usage.

Please let me know if I can run any other tests to help debug this issue. I'm happy to help.

I should add that using gpg on the command line works fine over SSH. The problem occurs only inside Emacs over SSH.

Ah, I added the --verbose option and got this output (sanitized by me):

Sorry, I forgot to mention it. You need to add -v to the command line.

Thank you, werner. Could you please tell me an exact GPG command to do this signing, and tell me where the output line should appear? I tried this command on the command line:

Which pinentry are you using in in what mode? Please do a sign operation and watch out for a line similar to:

This is known and by design, basically it is a legacy X feature. For Wayland, the window manager determines if a window should be blocking, no grab or grab, not anything applications themselves have control over. This came up many times when I was first making the interfaces. You can reference these two comments, but there are many more in between them.

As this task has no obvious next step I'm closing it.

Doesn't look like T4347 in that no errors show
stopping daemons and restarting kleoptra "sometimes" fixes it and pinentry windows shows, until it does all operations fail with pinentry missing
running pinentry-qt.exe I get
Please note that you don't have secure memory on this system
OK Pleased to meet you
We seem to have stopped it happening by randomly changing settings - generating blank conf files, reinstalling pgp4win but cannot pinpoint exactly what change fixes the error and because it's intermittent we may just be getting lucky

Could it be that you are running into: T4347 ? Maybe this will just be fixed for you then in the next version.

@nbriggs No this is not related if you get "no pinentry" it means pinentry is not started at all. This issue is about pinentry starting but not properly coming to the foreground. I've opened T4430 for your issue.

in I think a related scenario we are having the pinentry window not spawn at all, leading to "no pinentry" errors
Win 10 latest patches Mar 2019
Version 3.1.4-gpg4win-3.1.5
We've tried a few hacks including adding the .conf file to C:\Program Files (x86)\GnuPG\bin with
pinentry-program "C:\Program Files (x86)\Gpg4win\bin\pinentry-qt.exe"

Thanks for the confirmation. Although I still don't really know how to fix it :-(

I can also confirm this bug!

The issue for the quality indication is: T2103

FWIW I like @gouttegd 's patchset.

In T4346#122098, @werner wrote:

The quality bar is switched off by default. That feature including the quality was ordered and accepted by a client. I don't like it either and thus the new default of having it disabled is a useful solution.

thanks for the report. Yes this is a known issue. This pinentry is so basic that it does not have dynamic layout as we don't include GUI libraries in the basic installer. For a better pinentry you can install Gpg4win.
In the future we are thinking about adding a pinentry based on the small "FLTK" toolkit, with dynamic layout.

Original issue (of pinentry-curses, which should be killed by CTRL-C) is related to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry, I suppose. It is fixed in master and testing.
I don't know about the second one with pinentry-tty.

Pinentry already has a ttyalert option which may be set to beep or flash to ring the bell or flash the terminal, respectively (see commit 1dba96fafa123f3631c0a50bb01835306c23b903).

I can't tell whether this bug report is about all the ways that we wish that GnuPG's default password process was better, or whether it's about one specific change.

Regarding the quality evaluation, several months ago I proposed to optionally delegate that task to an external tool (specified by a new gpg-agent option passphrase-checker). I posted a first draft as D442 and then submitted a proper patchset to gnupg-devel, but although @werner expressed interest it was never merged. I have just checked that the patchset still applies cleanly to both the master branch and the STABLE-BRANCH-2-2. I can re-submit it to the mailing list if needed.

I have updated Pinentry’s configure script to support the --disable-doc option, as it is indeed supported in other GnuPG components.

Patch applied, thanks.

Patch applied, thanks.

The quality bar is switched off by default. That feature including the quality was ordered and accepted by a client. I don't like it either and thus the new default of having it disabled is a useful solution.

But to resolve this bug I also want to remove stuff like "ooooh you should use numbers or something like that" we have that in configuration but our default code is too dumb to be useful (afaik "password" is accepted with 90% quality). We also have a bug for the quality thingy, which I also find important because that is the first contact with our software.

Found it: T3724

No that bug is different. Nowadays you have to solve four dialogs to create a key without a passphrase.

So you mean the bug that you see a second set of passphrase dialogs iff you told the first one that you don't want a passphrase? That is not trivial to fix because we use the passphrase cache to avoid the double passpharse questions. Without passphrase cache we need a separate code path.

No! That is not what I want with this issue. We should ask once for a passphrase and then shut up.

Yeah, it is annoying. Maybe it is indeed better not to ask for a passphrase at all.

The problem only occurs with the gtk platformtheme.

BTW I am aware that Git repository does not contain many files which are prebuilt in tarballs. I am okay with that, I know the difference. I am just reporting that pinentry's configure script is missing an option, which is clearly needed and which is present in other components.

I wasn't using tarballs. I have fetched code from Git (git clone git://git.gnupg.org/pinentry).

Well, that is a detailed bug report. Thanks.

This issue prevents a user from accessing any other window on their system while the pinentry prompt is up. This issue is different than T2145. This issue is explicitly about the system-wide nature of the modal. The other issue is about auto-typing from a password manager.

@a_p3rson : Yes. I agree that I think that cepxuo meant something differently then you.

Could you say, on which platforms exactly it should work?

Yes, due it uses adwaita-qt theme.
Yes, I can start it on the command line and it works, but gives a warning.

I think the point of my request was originally missed. I will take a screen
capture of the pinentry workflow during authentication and signing tasks -
in my opinion, they should be the same. However, during signing, the window
gets display focus (Windows switches it to the active window), whereas
during authentication it does not (and has to be alt-tabbed/switched to for
pin entry).

Andre explained that we don't do that anymore on purpose. Duck and read the discussion related to this if you are intereested. A related thing is that no-grab does not work on all platforms because it was designed for standard X but nowdays toolkits have their own ideas what is right and what is wrong.

no-grab does only work on certain platforms. Thus this is no bug.

pinentry-qt giving Gtk- warnings? Very strange. Please give an example. You can start pinentry on the command line like

if you start gpg-agent in that deprecated way it sees the envvars. it will even see them if it is as suggested started on-demand by gpg. However, things are different when a gpg-agent is already running; in that case only the listed envvars are conveyed to the pinentry.

It's white due to https://dev.gnupg.org/T4144

Moreover, pinentry-qt doesn't ignore env if it runned from gpg-agent. So you are wrong about technical reason.

for comparison pinentry-qt doesn't ignore env:

"partially" means it doesn't allow to input elsewhere, but in case of focus loose input will go nowhere