Fedora 28 + SplitGPG : gpg: public key decryption failed: Inappropriate ioctl for device
965 views
Skip to first unread message
799
May 31, 2018, 5:02:59 PM5/31/18
to qubes-users
Hello,
after rebuilding my fedora-26 templates using fedora-28-templates it seems that Split-GPG is broken.
In the Vault-VM:
I can use GPG to encrypt and decrypt data in the Vault-VM
If I am in an AppVM I can run qubes-gpg-client to list my key, whis is locates in the Vault-VM:
[user@my-privmail ~]$ qubes-gpg-client -K
/home/user/.gnupg/pubring.gpg
-----------------------------
sec rsa2048 2018-12-31 [SC] [expires: 2019-12-31]
16xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxF
uid [ultimate] user <user@qubes>
ssb rsa2048 2018-12-31 [E] [expires: 2019-12-31]
[user@my-privmail ~]$ echo Plaintext > test.txt
[user@my-privmail ~]$ qubes-gpg-client-wrapper --encrypt -r qubes --armor test.txt > test.txt.asc
[user@my-privmail ~]$ cat test.txt.asc
-----BEGIN PGP MESSAGE-----
hQEMA8F4bMR6pkDPAQf+Pbd4q+Bdp4LVar+iuwsOmBg1d60EOTDospPQ7WxgSPn+
<lines removed>
5pgUsaEsflKMHEGxRB5kjgreNPpRrvUMZlOkAFAnAnQbaWkeQcSVEK+4tEwycist
f8xC5xe+
=weMx
-----END PGP MESSAGE-----
If I try to decrypt a file in the AppVM I get an error:
In the Vault-VM:
I can use GPG to encrypt and decrypt data in the Vault-VM
I have setup Split-GPG and it works (encrypting and decrypting)
If I am in an AppVM I can run qubes-gpg-client to list my key, whis is locates in the Vault-VM:
[user@my-privmail ~]$ qubes-gpg-client -K
/home/user/.gnupg/pubring.gpg
-----------------------------
sec rsa2048 2018-12-31 [SC] [expires: 2019-12-31]
16xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxF
uid [ultimate] user <user@qubes>
ssb rsa2048 2018-12-31 [E] [expires: 2019-12-31]
[user@my-privmail ~]$ echo Plaintext > test.txt
[user@my-privmail ~]$ qubes-gpg-client-wrapper --encrypt -r qubes --armor test.txt > test.txt.asc
[user@my-privmail ~]$ cat test.txt.asc
-----BEGIN PGP MESSAGE-----
hQEMA8F4bMR6pkDPAQf+Pbd4q+Bdp4LVar+iuwsOmBg1d60EOTDospPQ7WxgSPn+
<lines removed>
5pgUsaEsflKMHEGxRB5kjgreNPpRrvUMZlOkAFAnAnQbaWkeQcSVEK+4tEwycist
f8xC5xe+
=weMx
-----END PGP MESSAGE-----
[user@my-privmail ~]$ qubes-gpg-client-wrapper --decrypt test.txt.asc
gpg: encrypted with 2048-bit RSA key, ID CxxxxxxxxxxxxxxF, created 2018-12-31 "user <user@qubes>"
pg: decryption failed: No secret keygpg: public key decryption failed: Inappropriate ioctl for device
I did some googling and came across this:
https://github.com/Homebrew/homebrew-core/issues/14737
I did some googling and came across this:
https://github.com/Homebrew/homebrew-core/issues/14737
it seems that there is something wrong with accessing the private key.
I like to have Split-GPG fixed, any ideas what to do?
[799]
I like to have Split-GPG fixed, any ideas what to do?
[799]
799
Jun 1, 2018, 11:11:32 AM6/1/18
to qubes-users
Hello,
On 31 May 2018 at 23:02, 799 <one7...@gmail.com> wrote:
Hello,after rebuilding my fedora-26 templates using fedora-28-templates it seems that Split-GPG is broken.
If I try to decrypt a file in the AppVM I get an error:[user@my-privmail ~]$ qubes-gpg-client-wrapper --decrypt test.txt.ascgpg: encrypted with 2048-bit RSA key, ID CxxxxxxxxxxxxxxF, created 2018-12-31"user <user@qubes>"pg: decryption failed: No secret keygpg: public key decryption failed: Inappropriate ioctl for device
I did some more research and it seems that the error message has something to do with the method how GPG gets the passphrase.
Could this link include some information to get a solution:
Solutoin:To solve the problem, you need to enable loopback pinentry mode. Add this to ~/.gnupg/gpg.conf:
use-agent pinentry-mode loopback
And add this to ~/.gnupg/gpg-agent.conf, creating the file if it doesn't already exist:
allow-loopback-pinentry
Then restart the agent with echo RELOADAGENT | gpg-connect-agent and you should be good to go!
doug.st...@agileelement.com
Apr 1, 2019, 1:31:02 PM4/1/19
to qubes-users
Thans!!
Reply all
Reply to author
Forward
0 new messages