Menu

Cannot connect to gpg-agent

2016-02-28
2016-02-28
  • Peter Lucas

    Peter Lucas - 2016-02-28

    Hi there,

    I am new to using Ubuntu/Linux systems and I've been trying to set up Enigmail with Thunderbird running on Ubuntu 15.10. I'm sure that this is a very simple problem to solve, but I have exactly 90 mins experience of working on this OS.

    At the moment nothing seems to be working correctly. I have installed the Enigmail extension in Thunderbird and gone through the key creation process. The first hint that all is not well is when attempting to create a revocation certificate - Enigmail complains that a pass phrase was not entered but does not prompt for a passphrase. I believe that Enigmail is attempting to retrieve the passphrase from gpg-agent and failing.

    In the preferences diaglogue, if I attempt to change the 'remember pass phrase for...' setting I get the error "Cannot connect to gpg-agent..." Thinking that there might be some sort of conflict with gnome-keyring I have disabled gnome-keyring in start up applications and restarted the machine. The same errors occur.

    In the terminal, I can run gpg --list-keys and see the key that I created. If I type gpg-agent I get the message "no gpg-agent running in this session."

    Can anyone provide some suggestions about what I should do next?

     
  • Olav Seyfarth

    Olav Seyfarth - 2016-02-28

    Here's how I solved the "gpg-agent" issue on Mint 17.3 Cinnamon (Ubuntu 14.04 based but should be the same in this respect). I also disable keyring for ssh since I prefer to use ssh-add.

    (default install)
    (install gnupg2)
    mv /etc/xdg/autostart/gnome-keyring-gpg.desktop /etc/xdg/autostart/gnome-keyring-gpg.desktop.disabled
    echo "use-agent" >>~/.gnupg/gpg.conf
    (import your keys)
    (reboot)

    Note that you need a new session, thus either log out and back in or simply reboot.

     

    Last edit: Olav Seyfarth 2016-03-03
    • Tom Bradschetl

      Tom Bradschetl - 2016-02-28

      (Comming from here) It’s not working for me, either.

      /etc/xdg/autostart/gnome-keyring-gpg.desktop
      

      ^ This file didn't exist in my installation. Instead I have

      $ ls /etc/xdg/autostart/gnome-keyring-*
      /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable  /etc/xdg/autostart/gnome-keyring-pkcs11.desktop  /etc/xdg/autostart/gnome-keyring-secrets.desktop  /etc/xdg/autostart/gnome-keyring-ssh.desktop.disabled
      

      Also gnupg-doc had no installation candidate, but that should be OK, shouldn't it?!

       
  • Peter Lucas

    Peter Lucas - 2016-02-28

    Thanks, but the advice in the FAQ is to check pinentry, which I've done and it displays the hello world message outside of the terminal. The next step is to add a line to the .conf file. Except I can't because it's owned by root so I can't save changes in gedit and I don't know how to edit this file in the terminal.

    I also tried the pkill -f .... but this had no effect.

    I feel that I'm out of my depth here trying to get this to work!

     
    • Matthias Bergt

      Matthias Bergt - 2016-02-28

      You should have a ~/.gnupg/gpg-agent.conf, which should be "yours".

      I added "pinentry-program /usr/bin/pinentry" here, and now it works - at least a bit: the password is not remembered anymore.

      I had this experience using Lubuntu 15.10, where Enigmail 1.9 complained about pinentry; it differs from the behavior unter Lubuntu 15.4, where there was the gpg-agent issue.

       
      • Matthias Bergt

        Matthias Bergt - 2016-02-28

        After adding "use-standard-socket" in ~/.gnupg/gpg-agent.conf, it didn't work anymore, even not after again deleting "use-standard-socket" and logging out and in again.

        Step 6 of https://enigmail.net/index.php/en/faq?view=category&id=14 shows the following error message:

        gpg-agent[4827]: chan_6 -> ERR 67109139 Unbekanntes IPC Kommando <GPG Agent>
        

        (unknown PIC command) and after entering my passphrase:

        gpg-agent[4827]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
        

        (unknown option) (several times).

        I wonder whether I actally have to reboot?!

        I will test and report

         
        • Matthias Bergt

          Matthias Bergt - 2016-02-28

          OK: Reboot helps, but so does "killall gpg-agent".

          Still: Adding "use-standard-socket" in ~/.gnupg/gpg-agent.conf, pinentry does not work anymore.

          With just

          default-cache-ttl 600
          max-cache-ttl 600
          pinentry-program /usr/bin/pinentry
          

          in ~/.gnupg/gpg-agent.conf, the passphrase will not be cached, which is really annoying.

          Logged messages (with "gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh"):

          gpg-agent --debug-level expert --use-standard-socket --daemon /bin/sh
          gpg-agent[2185]: enabled debug flags: command cache assuan
          gpg-agent[2185]: Es wird auf Socket `/home/u/.gnupg/S.gpg-agent' gehört
          gpg-agent[2186]: gpg-agent (GnuPG) 2.0.28 started
          $ gpg-agent[2186]: Handhabungsroutine 0x812f1730 für fd 6 gestartet
          gpg-agent[2186]: chan_6 -> OK Pleased to meet you, process 2189
          gpg-agent[2186]: chan_6 <- RESET
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION display=:0.0
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION xauthority=/home/user/.Xauthority
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=XMODIFIERS=@im=ibus
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=GTK_IM_MODULE=xim
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-N4V7jzAeyQ
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=QT_IM_MODULE=ibus
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION allow-pinentry-notify
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- AGENT_ID
          gpg-agent[2186]: chan_6 -> ERR 67109139 Unbekanntes IPC Kommando <GPG Agent>
          gpg-agent[2186]: chan_6 <- GETINFO cmd_has_option GET_PASSPHRASE repeat
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- GET_PASSPHRASE --data --repeat=0 -- 6834495E4BD55B8B990FCC1A984A3A08F502B27B X X Sie+benötigen+eine+Passphrase,+um+den+geheimen+OpenPGP+Schlüssel+zu+entsperren.%0ABenutzer:+%22Matthias+Bergt+<XXX>%22%0A4096-bit+RSA+Schlüssel,+ID+FYYYY,+erzeugt+2012-12-22+(Hauptschlüssel-ID+ZZZ)%0A
          gpg-agent[2186]: DBG: agent_get_cache `6834495E4BD55B8B990FCC1A984A3A08F502B27B'...
          gpg-agent[2186]: DBG: ... miss
          gpg-agent[2186]: starting a new PIN Entry
          gpg-agent[2186]: chan_7 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: DBG: connection to PIN entry established
          gpg-agent[2186]: chan_7 -> OPTION grab
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION ttyname=/dev/pts/0
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION ttytype=xterm
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION allow-external-password-cache
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION default-ok=_OK
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION default-cancel=_Abbrechen
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION default-yes=_Ja
          gpg-agent[2186]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
          gpg-agent[2186]: chan_7 -> OPTION default-no=_Nein
          gpg-agent[2186]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
          gpg-agent[2186]: chan_7 -> OPTION default-prompt=PIN:
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION default-pwmngr=Im Passwordmanager _speichern
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> OPTION default-cf-visi=Möchten Sie die eingegebene Passphrase wirklich auf dem Bildschirm sichtbar machen?
          gpg-agent[2186]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
          gpg-agent[2186]: chan_7 -> OPTION default-tt-visi=Die Passphrase sichtbar machen
          gpg-agent[2186]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
          gpg-agent[2186]: chan_7 -> OPTION default-tt-hide=Passphrase unsichtbar machen
          gpg-agent[2186]: chan_7 <- ERR 83886254 Unbekannte Option <Pinentry>
          gpg-agent[2186]: chan_7 -> OPTION touch-file=/home/user/.gnupg/S.gpg-agent
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- D 2193
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_6 -> INQUIRE PINENTRY_LAUNCHED 2193
          gpg-agent[2186]: chan_6 <- END
          gpg-agent[2186]: chan_7 -> SETKEYINFO u/6834495E4BD55B8B990FCC1A984A3A08F502B27B
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> SETDESC Sie benötigen eine Passphrase, um den geheimen OpenPGP Schlüssel zu entsperren.%0ABenutzer: %22Matthias Bergt <X>%22%0A4096-bit RSA Schlüssel, ID YYY, erzeugt 2012-12-22 (Hauptschlüssel-ID ZZZ)%0A
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> SETPROMPT Passphrase
          gpg-agent[2186]: chan_7 <- OK
          gpg-agent[2186]: chan_7 -> [[Confidential data not shown]]
          gpg-agent[2186]: chan_7 <- [[Confidential data not shown]]
          gpg-agent[2186]: chan_7 <- [[Confidential data not shown]]
          gpg-agent[2186]: chan_7 -> BYE
          gpg-agent[2186]: DBG: agent_put_cache `6834495E4BD55B8B990FCC1A984A3A08F502B27B' requested ttl=0 mode=3
          gpg-agent[2186]: chan_6 -> [[Confidential data not shown]]
          gpg-agent[2186]: chan_6 -> [[Confidential data not shown]]
          gpg-agent[2186]: chan_6 <- [eof]
          gpg-agent[2186]: Handhabungsroutine 0x812f1730 für den fd 6 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1730 für fd 6 gestartet
          gpg-agent[2186]: chan_6 -> OK Pleased to meet you, process 2254
          gpg-agent[2186]: chan_6 <- RESET
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION ttyname=/dev/pts/3
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION ttytype=xterm
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION display=:0.0
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION xauthority=/home/user/.Xauthority
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=XMODIFIERS=@im=ibus
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=GTK_IM_MODULE=xim
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-N4V7jzAeyQ
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION putenv=QT_IM_MODULE=ibus
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION lc-ctype=de_DE.UTF-8
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- OPTION lc-messages=de_DE.UTF-8
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- getinfo version
          gpg-agent[2186]: chan_6 -> D 2.0.28
          gpg-agent[2186]: chan_6 -> OK
          gpg-agent[2186]: chan_6 <- [eof]
          gpg-agent[2186]: Handhabungsroutine 0x812f1730 für den fd 6 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für fd 7 gestartet
          gpg-agent[2186]: chan_7 -> OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 <- OK Pleased to meet you, process 2186
          gpg-agent[2186]: chan_6 -> GETINFO pid
          gpg-agent[2186]: chan_7 <- GETINFO pid
          gpg-agent[2186]: chan_7 -> D 2186
          gpg-agent[2186]: chan_7 -> OK
          gpg-agent[2186]: chan_6 <- D 2186
          gpg-agent[2186]: chan_6 <- OK
          gpg-agent[2186]: chan_6 -> BYE
          gpg-agent[2186]: chan_7 <- BYE
          gpg-agent[2186]: chan_7 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1ef0 für den fd 7 beendet
          gpg-agent[2186]: Handhabungsroutine 0x812f1730 für fd 6 gestartet
          gpg-agent[2186]: chan_6 -> OK Pleased to meet you, process 2282
          gpg-agent[2186]: chan_6 <- BYE
          gpg-agent[2186]: chan_6 -> OK closing connection
          gpg-agent[2186]: Handhabungsroutine 0x812f1730 für den fd 6 beendet
          

          "gpgconf --check-programs"
          reports:

          gpg:GPG for OpenPGP:/usr/bin/gpg2:1:1:
          gpg-agent:GPG Agent:/usr/bin/gpg-agent:1:1:
          gpgconf: Fehler bei Ausführung von `/usr/lib/gnupg2/scdaemon': wahrscheinlich nicht installiert
          scdaemon:Smartcard Daemon:/usr/lib/gnupg2/scdaemon:0:0:
          gpgconf: Fehler bei Ausführung von `/usr/bin/gpgsm': wahrscheinlich nicht installiert
          gpgsm:GPG for S/MIME:/usr/bin/gpgsm:0:0:
          gpgconf: Fehler bei Ausführung von `/usr/bin/dirmngr': wahrscheinlich nicht installiert
          dirmngr:Directory Manager:/usr/bin/dirmngr:0:0:
          

          Any ideas?

           
          • Ludwig Hügelschäfer

            pinentry-program /usr/bin/pinentry

            This one is probably not suited. Which pinentry variants do you have installed? pinentry-qt? pinentry-gtk?

            Could you please try one of them?

             

            Last edit: Ludwig Hügelschäfer 2016-02-28
            • Matthias Bergt

              Matthias Bergt - 2016-02-28

              I changed the setting to pinentry-qt4 (-gtk is not installed) - no changes.

               
              • Matthias Bergt

                Matthias Bergt - 2016-02-28

                In addition, I tried:

                gpg-connect-agent <<EOT
                GET_CONFIRMATION Hello
                EOT
                

                and got:

                gpg-connect-agent: can't connect to the agent: IPC "connect" Aufruf fehlgeschlagen
                

                which seems to refer to the IPC problem I already mentioned.

                 

                Last edit: Matthias Bergt 2016-02-28
                • Ludwig Hügelschäfer

                  If you still have "use-standard-socket" active, try disabling it.

                   
                  • Matthias Bergt

                    Matthias Bergt - 2016-02-28

                    No, with "use-standard-socket", it doesn't work at all.

                     
              • Olav Seyfarth

                Olav Seyfarth - 2016-02-28

                If you play with parameters in gpg-agent.conf, make sure to logout/login before you test.

                 
                • Matthias Bergt

                  Matthias Bergt - 2016-02-28

                  Log out & in again was not enough - I either had to reboot or killall gpg-agent.

                   
          • Olav Seyfarth

            Olav Seyfarth - 2016-02-28

            scdaemon?

            If you actually USE a SmartCard (OpenPGP SmartCard 2.0 / NitroKey / YubiKey Neo / ...), there are quite some further hurdles (different thread, please).

             

            Last edit: Olav Seyfarth 2016-02-28
            • Matthias Bergt

              Matthias Bergt - 2016-02-28

              I don't use a smartcard, that's just the output of "gpgconf --check-programs". Or does it mean something that scdeamon appears there? Then I would apreciate a hint where to fix this.

               
              • Ludwig Hügelschäfer

                No, scdaemon is a standard component of GnuPG 2.

                 
    • Olav Seyfarth

      Olav Seyfarth - 2016-02-28

      Call me and I'll give you a kickstart. Report your lessons learned here afterwards.

      <--

       

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.