Linux: pass show not showing the secret

Amit Saha amitsaha.in at gmail.com
Sun Nov 14 01:54:01 UTC 2021


On Sun, Nov 7, 2021 at 11:30 AM Amit Saha <amitsaha.in at gmail.com> wrote:
>
> On Sun, Nov 7, 2021 at 10:50 AM Lee Ball <lee at leeball.dev> wrote:
> >
> > Sorry to spam you here Amit- I forgot to put the list on the To: line in
> > case the info is helpful to anyone else:
>
> All good, thanks for sharing the tips. This is what I have now.
>
> My GPG agent is running via a systemd user service:
>
> [Unit]
> Description=GnuPG cryptographic agent and passphrase cache
> Documentation=man:gpg-agent(1)
> Requires=gpg-agent.socket
>
> [Service]
> ExecStart=/usr/bin/gpg-agent --supervised --debug-all
> ExecReload=/usr/bin/gpgconf --reload gpg-agent
>
>
>
> My config files:
>
> $ cat ~/.gnupg/gpg.conf
> # pinentry-mode loopback
>
> (I had to comment that out since otherwise "pass" gives this error:
> gpg: Sorry, we are in batchmode - can't get input)
>
>
> My gpg-agent.conf is now:
>
> $ cat ~/.gnupg/gpg-agent.conf
> debug 1024
> debug-level advanced
> debug-pinentry
>
> pinentry-program /usr/bin/pinentry-curses
> log-file gpg-agent.log
> display :0
>
> When I do a "pass show <password>", it asks me for the passphrase; if
> I enter the wrong passphrase, it does come back with an error saying
> bad passphrase.
> So it seems to me that the gpg decryption is happening, but then
> something is getting lost.
>
> If I look at the gpg-agent.log file (after I have once successfully
> entered my passphrase), I see this when I do a "pass show
> <password>":
>
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK Pleased to meet
> you, process 2671
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION ttyname=/dev/pts/1
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
> ttytype=xterm-256color
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION display=:0.0
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
> xauthority=/home/echorand/.Xauthority
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
> putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION lc-ctype=en_AU.UTF-8
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION
> lc-messages=en_AU.UTF-8
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- GETINFO version
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> D 2.2.19
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION allow-pinentry-notify
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- OPTION agent-awareness=2.1.0
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- HAVEKEY <KEY ID>
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- RESET
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEY <KEY ID>
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- SETKEYDESC
> Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Saha+<amitsaha.in at gmail.com>%22%0A256-bit+ECDH+key,+ID+2936DD677ED4C323,%0Acreated+2021-10-02+(main+key+ID+2A18534CA9B35D2B).%0A
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> S INQUIRE_MAXLEN 4096
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a
> 65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ]
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END
> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a
> 76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ]
> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK
> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 <- [eof]
>
> Appreciate any further debugging tips.

Finally managed to work around it. After a bit of experimentation, I
realized that it was mainly gpg failing to decrypt a file on my Linux
system (gpg version 2.2.19) which I had encrypted with gpg 2.3.3 on my
Mac. So then I thought, let me try and upgrade to gpg 2.3.3 on Linux.
So, I did what anyone who had already spent too much time with this would
do - I installed Manjaro Linux, hoping to get the 2.3.3 in any of the
AURs. Fortunately, the installed version of 2.2.29 just fixed
everything.

So, here's the summary:

Mac: gpg 2.3.3 - where I created my initial password store (git hosted)

Linux 1: gpg 2.2.19 (Didn't work)

Ubuntu:

gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/echorand/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


Linux 2: gpg 2.2.29 (Worked)

Manjaro:

gpg (GnuPG) 2.2.29
libgcrypt 1.9.4-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/echorand/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I am glad I can continue to use pass.

Best Regards,
-Amit.
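
One way to check from the gpg-agent.log quoted in this message whether the agent itself completed the private-key step, as an added example that is not part of the original message: it rejoins the mail-wrapped log records, decodes the hex-dumped data lines, and reports the agent's final reply to each PKDECRYPT request. The function names are illustrative; the sample is an excerpt of the log above.

```python
import re

# Excerpt of the gpg-agent.log quoted above, kept "> "-quoted and mail-wrapped.
SAMPLE_LOG = """\
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- PKDECRYPT
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> S INQUIRE_MAXLEN 4096
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 -> INQUIRE CIPHERTEXT
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- [ 44 20 28 37 3a
> 65 6e 63 2d 76 61 6c 28 34 3a 65 ...(105 byte(s) skipped) ]
> 2021-11-07 11:28:28 gpg-agent[2614] DBG: chan_10 <- END
> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> [ 44 20 28 35 3a
> 76 61 6c 75 65 33 33 3a 40 8b 7a ...(31 byte(s) skipped) ]
> 2021-11-07 11:28:29 gpg-agent[2614] DBG: chan_10 -> OK
"""

LINE = re.compile(r"^\S+ \S+ gpg-agent\[\d+\] DBG: (chan_\d+) (->|<-) (.*)$")

def unwrap(text):
    """Strip mail quoting and rejoin records the mail client wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if LINE.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line  # continuation of the previous record
    return records

def decode_dump(payload):
    """Decode the visible bytes of a '[ 44 20 ... ]' hex dump."""
    visible = payload.split("...")[0]
    pairs = re.findall(r"\b[0-9a-f]{2}\b", visible)
    return bytes.fromhex("".join(pairs)).decode("latin-1")

def pkdecrypt_results(text):
    """One dict per PKDECRYPT request: agent's final status and reply prefix."""
    results, current = [], None
    for record in unwrap(text):
        chan, direction, payload = LINE.match(record).groups()
        if payload.startswith("[ "):
            payload = decode_dump(payload)
        if direction == "<-" and payload.startswith("PKDECRYPT"):
            current = {"chan": chan, "status": "no reply", "reply": None}
            results.append(current)
        elif current and direction == "->" and chan == current["chan"]:
            if payload.startswith("D "):
                current["reply"] = payload[2:]   # data line from the agent
            elif payload.startswith(("OK", "ERR")):
                current["status"] = payload      # final status ends the request
                current = None
    return results
```

For the log in this message the status is `OK` and the reply begins `(5:value33:`, so the agent's part of the exchange completed and returned data to gpg.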

