#861 Encrypting/signing message with non-smartcard key fails with empty error message

[Peter Müller]

I have two keys in use: One is located on a smartcard, the other is located on hard disk. Both are correctly known to gpg (appearing in gpg2 --list-secret-keys).

Using the smartcard key is possible without any limitation in enigmail, however, using the "normal" key fails with an empty error message ("Error - encryption failed") where no reason is given. A debug log file is attachet, let me know if you need further information.

My smardcard reader is a Cherry KC 1000 SC keyboard with built-in smartcard slot. For smartcard operations, the PIN is read directly from the keyboard. Using the "normal" key in a terminal also works well so it seems to be related to Enigmail, and not to gpg2.

[Peter Müller]

Example of the graphical error message.

[Patrick Brunschwig]

Your problem is that GnuPG tries to use pinentry-curses. But that's a command-line tool that cannot be used via Thunderbird - you need to configure pinentry-gtk or pinentry-qt.

[GNUPG:] PINENTRY_LAUNCHED 3391 curses 1.1.0 - xterm -
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign 83918950
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

Edit the file $HOME/.gnupg/gpg-agent.conf. Make sure that there is a configuration entry pinentry-program containing the full path to a graphical version of pinentry as above. E.g.:

pinentry-program /usr/local/bin/pinentry-gtk

[Peter Müller]

Thank you for the quick reply.

Adding pinentry-program /usr/bin/pinentry-qt5 to the ~/.gnupg/gpg-agent.conf and reloading the agent via echo RELOADAGENT | gpg-connect-agent solved the problem.