Knock Knock

Hi Guys,

Is Steve or kubicle still looking at this post since the forum update?

Ok.

'ps -C gpg-agent' (for example)

If gpg-agent is running (you can check it's version also with 'gpg-agent --version') and it still doesn't work, you could try installing gnupg2 package if it's available on oneiric. If you wish to try gpg2 instead of gpg, you may need to point gnupg-binary to gpg2 instead of gpg in kgpg settings. I'm suggesting gnupg2 just because that's what works for me in precise, but of course you might be experiencing an issue with oneiric that I'm not aware of (and cannot test)

After I tried the fixes Steve Riley suggested things have changed a bit. gpg-agent is running. But using Kgpg gives me the same error that the file cannont be decrypted. However now with the CLI I get the following:

larrylaca1@~/Documents/gpg_test$ gpg --output clear.txt --decrypt tester2.doc.pgp

You need a passphrase to unlock the secret key for
user: larry@somewhere.net
key description

gpg: problem with the agent - disabling agent use
gpg: encrypted with 'key description'
my key listed

gpg: WARNING: message was not integrity protected
larrylaca1@~/Documents/gpg_test$


The document clear.txt is produced which can be opened with LibreOffice, which is what I wrote the message with.

So the command like works but gpg-agent seems to have some conflict and so Kgpg won't work.

I looked at what's available in 11.10 and I don't see gpg2 as listed available software. Is there some manual way I can install it? Should I, at this point? It seems like the conflict is elsewhere to my untrained eye.

I'm on my smartphone now so can't verify... Look in your kgpgrc file. An entry there points to the binary that Kgpg uses. Change that to "gpg2".

The gpg2 binary is in the package gnupg2, you can try installing it with:
(Of course if it doesn't install it's probably not available on oneiric)

Which gpg-agent version you have installed ('gpg-agent --version' to check)? It might be a conflict between gpg-agent v2 and gpg v1, in which case switching to gpg v2 might solve it.

Another thing to check, do you have pinentry-qt4 installed?

You can change that in kgpg GUI settings as well, but changing it manually should also work.

I tried installing gpg2 in a konsole as you suggested. I got a response that the latest version pf gpg was already installed. When I checked the version again it was still 1.4. The gpg-agent is version 2.0.17. Is there a way to install the older version of the agent and see if that makes a difference?

As a side note where is the file kgpgrc file located? Where is the pgp-agent app located as well as gpg and/or gpg2? Also how would I search for it with grep? All the instructions I've found so far for using grep explain how to look for a string within a file rather than just a file.

And I do have pinentry-qt 4 installed already.

You likely have both gpg versions installed, so if you run 'gpg --version' you get 1.4 (you are checking gpg), if you run 'gpg2 --version', you should get 2.0 (now you're checking gpg2 binary).

I'd recommend making kgpg use gpg2 instead of gpg first.

There are numerous commands to find files: 'locate' and 'find' are most commonly used (their man pages will tell you more, but in a nutshell locate is lightning fast and simple to use, but relies on a database which is not necessarily up-to-date if you are looking for a recent file [the database can be updated prior to searching with 'sudo updatedb'...it also runs daily via cron], while find is more versatile and powerful, always accurate, but generally much slower). Other search commands include 'which' and 'whereis', which can be useful when searching for executables.

kgpgrc is in ~/.kde/share/config/kgpgrc, but you can switch to gpg2 in kgpg GUI settings: kgpg>Settings>GnuPG-Settings>GnuPG-binary>Path:gpg2 (above the 'use gpg-agent' checkbox)

I'm on my Oneiric PC now. Both GPG packages are installed -- gnupg, which provides GPG 1.4, and gnupg2, which provides GPG 2.0. Also, from what I've observed, only GPG 2.0 supports the agent functionality, which comes from the package gnupg-agent (confusing since the package name doesn't include the "2" but the version number of the package does).

First, thanks for the tips on commands for seaching.

You are right, both versions of gpg are installed. So I just changed gpg to gpg2 in Kgpg GUI. Then just to check I looked at kgpgrc and the change showed up in there. Just to be careful, I quit Kgpg and restarted it. Then I encrypted a new file and tried to decrypt it. It didn't work, in a slightly different way.

Before I made the change from gpg to gpg2 I would get the box that asked for the password to decrypt the file. After I entered the passphrase then I would get the error message that the file could not be decrypted.

Now, when I try to decrypt using the GUI I immediately get the error message that the file can't be decrypted. I am no longer asked for my passphrase.

Wow, this is a curious one.

Can you successfully encrypt and decrypt at the command line using gpg2?

First I wanted to apologize. I thought I had posted a response a few days ago but it has disappeared. I don't know what happened. Anyway here it its now.

I can encrypt with gpg from the CLI.

Decryption still fails. I get the following message:

larrylaca1@~/Documents/gpg_test$ gpg2 --decrypt gpg_2test.doc.gpg

You need a passphrase to unlock the secret key for
user: "Larry@larrylaca1@aol.com>"
2048-bit ELG key, ID A6BBB474, created 2011-04-18 (main key ID 159DEAE7)

gpg: problem with the agent: No pinentry
gpg: encrypted with 2048-bit ELG key, ID A6BBB474, created 2011-04-18
"Larry@larrylaca1@aol.comt>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key
larrylaca1@~/Documents/gpg_test$

One futher note, I was playing around with the commands for gpg since I'm not particularly facile with the CLI. When I used, "gpg --list-secret-keys it lists two. They are slightly different versions of my same private key. This was probably a result of my messing around earlier. I was worried that my problems were due to the fact that I had not imported my secret key correctly, so I tried it again. The second key listed in the konsole is the one listed above in the failed decryption. The first key listed has a different entry for the lines that start "sec" and "ssb". The middle line "uid" is the same for both. So maybe that's causing the problem? Is it possible to delete one of them? In the GUI, Kgpg I can't tell which key it's referencing for my private key.

This would suggest that there is a problem with gpg-agent launching pinentry program (I recall you had pinentry-qt4 installed?) to ask for the passphrase.

A few things to check:
1. 'sudo update-alternatives --config pinentry'
2. 'sudo update-alternatives --config pinentry-x11'
(these should point to /usr/bin/pinentry-qt4 which you should check exists)
3. check whether your system has gpg-agent.conf files:
'locate gpg-agent.conf'
(If conf files are found, check that these haven't set pinentry-program -option incorrectly)

'sudo update-alternatives --config pinentry' gives:

larrylaca1@~$ sudo update-alternatives --config pinentry
[sudo] password for larrylaca1:
There are 3 choices for the alternative pinentry (providing /usr/bin/pinentry).

Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/bin/pinentry-qt4 95 auto mode
1 /usr/bin/pinentry-curses 50 manual mode
2 /usr/bin/pinentry-gtk-2 85 manual mode
3 /usr/bin/pinentry-qt4 95 manual mode

Press enter to keep the current choice[*], or type selection number:


So I just hit 'Enter'.

'sudo update-alternatives --config pinentry-x11' gives:

larrylaca1@~$ sudo update-alternatives --config pinentry-x11
There are 2 choices for the alternative pinentry-x11 (providing /usr/bin/pinentry-x11).

Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/bin/pinentry-qt4 95 auto mode
1 /usr/bin/pinentry-gtk-2 85 manual mode
2 /usr/bin/pinentry-qt4 95 manual mode

Press enter to keep the current choice[*], or type selection number:

So again I just hit 'Enter'.

when I do 'locate gpg-agent.conf' it yeilds nothing. If I look in my home folder in /gnupg there are a number of gpg-agent.config files. One is simply gpg-agent.conf. The others have the word 'info' in their titles. If I look at the gpg.agent.conf file it contains:


pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 200

So I added '4' after '-qt' , saved the file (overwrote the other file), quit and restarted Kgpg and got the same result as previously noted from either trying to decrypt with the GUI or the command line.

Since this is a gpg-agent config, you would need to restart the gpg-agent daemon for the config change to take effect, restarting kgpg is not enough.

Thanks

Great, it worked! Thanks so much. One small question. How do you stop and restart the daemon? I rebooted the computer, which of course did the trick.

Also, do you think I'm going to go through all of this again if I upgrade to 12.0x when it comes out? Obviously it will be a lot easier since you and Steve Riley worked out the bugs.

And also why didn't 'locate' list gpg-agent-config? In fact it doesn't seem to list a lot of stuff in my home folder.