Andreas Petzold wrote: > Hi, > > today I wanted to import a new x.509 cert into kleopatra and it didn't > show the pinentry dialog. pinentry-gtk2 was launched and was using 100% > CPU but it didn't do anything useful. Just for fun I removed > pinentry-gtk2, but then kleopatra immediately complained that it was > unable to decrypt the cert. > > I checked kwatchgnupg and the logs showed a little hint to the problem. > > gpg-agent[2117.7] DBG: <- GET_PASSPHRASE --data --repeat=0 -- X X > Passphrase: Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object. > gpg-agent[2117]: starting a new PIN Entry > gpg-agent[2117]: can't connect server: ec=4.16383 > gpgsm[8945]: gpg-protect-tool: error while asking for the passphrase: No > pinentry > gpgsm[8945]: error running `/usr/libexec/gpg-protect-tool': exit status 2 > gpgsm[8945]: total number processed: 0 > gpg-agent[2117]: can't connect to the PIN entry module: End of file > gpg-agent[2117]: command get_passphrase failed: No pinentry > gpg-agent[2117.7] DBG: -> ERR 67108949 No pinentry <GPG Agent> > gpgsm[8945.0] DBG: -> S IMPORT_RES 0 0 0 0 0 0 0 0 0 0 0 0 0 0 > gpgsm[8945.0] DBG: -> ERR 50331800 Decryption failed <GpgSM> > > Looks to me like /usr/libexec/gpg-protect-tool is just choosing the wrong > pinentry executable. It should just call /usr/bin/pinentry which should > call the correct pinentry-qt4/gtk2/whatever. > > With pinentry-gtk2 removed, I started pinentry and it called pinentry-qt4. > > So there are two problems: > > a) why does pinentry-gtk2 get stuck? > b) why isn't pinentry-qt4 called by gpg-protect-tool? It's a gnupg2 bug, https://bugzilla.redhat.com/show_bug.cgi?id=548528 -- Rex
