Linux: pass show not showing the secret

Amit Saha amitsaha.in at gmail.com
Sun Nov 14 03:26:33 UTC 2021



> On 14 Nov 2021, at 12:54 pm, Amit Saha <amitsaha.in at gmail.com> wrote:
> 
> On Sun, Nov 7, 2021 at 11:30 AM Amit Saha <amitsaha.in at gmail.com> wrote:
>> 
>> On Sun, Nov 7, 2021 at 10:50 AM Lee Ball <lee at leeball.dev> wrote:
>>> 
>>> Sorry to spam you here Amit- I forgot to put the list on the To: line in
>>> case the info is helpful to anyone else:
>> 
>> All good, thanks for sharing the tips. This is what I have now.
>> 
>> My Gpg agent is running via a systemd user service:
>> 
>> [Unit]
>> Description=GnuPG cryptographic agent and passphrase cache
>> Documentation=man:gpg-agent(1)
>> Requires=gpg-agent.socket
>> 
>> [Service]
>> ExecStart=/usr/bin/gpg-agent --supervised --debug-all
>> ExecReload=/usr/bin/gpgconf --reload gpg-agent
>> 
>> 
>> 
>> My config files:
>> 
>> $ cat ~/.gnupg/gpg.conf
>> # pinentry-mode loopback
>> 
>> (I had to comment that out since otherwise "pass" gives this error:
>> gpg: Sorry, we are in batchmode - can't get input)
>> 
>> 
>> My gpg-agent.conf is now:
>> 
>> $ cat ~/.gnupg/gpg-agent.conf
>> debug 1024
>> debug-level advanced
>> debug-pinentry
>> 
>> pinentry-program /usr/bin/pinentry-curses
>> log-file gpg-agent.log
>> display :0
>> 
>> When I do a "pass show <password>", it asks me for the passphrase; if
>> I enter the wrong passphrase, it does come back with an error saying
>> bad passphrase.
>> So it seems to me that the gpg decryption is happening, but then
>> something is getting lost.
>> 
>> If I look at the gpg-agent.log file (after I have once successfully
>> entered my passphrase), I see this when I do a "pass show
>> <password>":
>> 
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK Pleased to meet
>> you, process 2671
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION ttyname=/dev/pts/1
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
>> ttytype=xterm-256color
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION display=:0.0
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
>> xauthority=/home/echorand/.Xauthority
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
>> putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION lc-ctype=en_AU.UTF-8
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
>> lc-messages=en_AU.UTF-8
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- GETINFO version
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> D 2.2.19
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION allow-pinentry-notify
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION agent-awareness=2.1.0
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEY <KEY ID>
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEYDESC
>> Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Saha+<amitsaha.in at gmail.com>%22%0A256-bit+ECDH+key,+ID+2936DD677ED4C323,%0Acreated+2021-10-02+(main+key+ID+2A18534CA9B35D2B).%0A
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> S INQUIRE_MAXLEN 4096
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a
>> 65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ]
>> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END
>> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a
>> 76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ]
>> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK
>> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 <- [eof]
>> 
>> Appreciate any further debugging tips.
> 
> Finally managed to work around it. After a bit of experimentation, I
> realized that it was mainly gpg failing to decrypt a file on my Linux
> system (gpg version 2.2.19) which I had encrypted with gpg 2.3.3 on my
> Mac. So then I thought, let me try and upgrade to gpg 2.3.3 on Linux.
> So, I did what anyone who had already spent too much time with this would
> do - I installed Manjaro Linux, hoping to get the 2.3.3 in any of the
> AURs. Fortunately, the installed version of 2.2.29 just fixed
> everything.
> 
> So, here's the summary:
> 
> Mac: gpg 2.3.3 - where I created my initial password store (git hosted)
> 
> Linux 1: gpg 2.2.19 (Didn't work)
> 
> Ubuntu:
> 
> gpg (GnuPG) 2.2.19
> libgcrypt 1.8.5
> Copyright (C) 2019 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: /home/echorand/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>        CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> 
> Linux 2: gpg 2.2.29 (Worked)
> 
> Manjaro:
> 
> gpg (GnuPG) 2.2.29
> libgcrypt 1.9.4-unknown
> Copyright (C) 2021 Free Software Foundation, Inc.
> License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: /home/echorand/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>        CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 

And MacOS:

% gpg --version
gpg (GnuPG) 2.3.3
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/echorand/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


> I am glad I can continue to use pass.
> 
> Best Regards,
> -Amit.
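
The gpg-agent debug log quoted in this message can be read mechanically: the bracketed hex dumps are Assuan data lines (0x44 0x20 is "D "), and "->" is the agent's side of the channel. The following is an added example, not part of the original message, that rejoins the mail-wrapped log lines, decodes the visible bytes and reports how the agent answered PKDECRYPT; the function names are this example's own and the sample is the tail of the log above.

```python
import re

# Constructed sample: tail of the log quoted above, mail line wraps kept.
SAMPLE_LOG = """\
2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT
2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT
2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a
65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ]
2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END
2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a
76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ]
2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK
"""

LINE = re.compile(r"^\S+ \S+ gpg-agent\[\d+\] DBG: (chan_\d+) (<-|->) (.*)$")
HEXDUMP = re.compile(r"^\[ ((?:[0-9a-f]{2} ?)+)")

def parse(log):
    """Return (channel, direction, payload) tuples, rejoining wrapped lines."""
    msgs = []
    for raw in log.splitlines():
        raw = raw.lstrip("> ").rstrip()      # drop mail quote markers
        m = LINE.match(raw)
        if m:
            msgs.append(list(m.groups()))
        elif raw and msgs:
            msgs[-1][2] += " " + raw         # continuation of previous line
    return [tuple(m) for m in msgs]

def decode(payload):
    """Render the visible bytes of a '[ 44 20 ... ]' dump as printable text."""
    m = HEXDUMP.match(payload)
    raw = bytes.fromhex(m.group(1)) if m else payload.encode()
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)

def pkdecrypt_outcome(log):
    """Map channel -> how the agent ('->' side) answered PKDECRYPT."""
    pending, result = {}, {}
    for chan, direction, payload in parse(log):
        text = decode(payload)
        if direction == "<-" and text == "PKDECRYPT":
            pending[chan] = False            # no data line seen yet
        elif direction == "->" and chan in pending:
            if text.startswith("D "):
                pending[chan] = True         # Assuan data line with the result
            elif text.startswith(("OK", "ERR")):   # final status line
                got = pending.pop(chan) and text.startswith("OK")
                result[chan] = "agent returned data" if got else "no data: " + text
    return result
```

On the log above, the client's dump decodes to the start of an `enc-val` S-expression and the agent's reply to a `value` S-expression followed by OK, so the PKDECRYPT request to the agent completed.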


