[OpenIndiana-discuss] GPG2 on OI

[Tim Mooney]

In regard to: Re: [OpenIndiana-discuss] GPG2 on OI, stes at PANDORA.BE said...:

> I can confirm I've had for the last months some annoying (blocking!) issues with GPG2 on OI,
> but some issues also happen on other operating systems (pin entry related), so this may be a GPG2 issue, and not an OI issue.  Anyway ...
>

Thanks for the response David, I really appreciate it.  I'm glad to see
it's not just my install.

> What I do as workaround is use "loopback" mode, I'm not sure whether you
> tried that, from reading your posting I think you may have already tried
> that :

I hadn't, but I gave it a try and did get gpg2 to prompt for a passphrase,
but as you've also experienced, it hangs after accepting the passphrase.

My debugging seems to indicate that the pinentry programs work as
expected.  I don't think either pinentry-gtk-2 or pinentry-curses are
to blame, because if I run one directly, like:

 	/usr/lib/pinentry-curses

and then enter the following commands (use the 'tty' command to get your
correct ttyname first, each command should result in an OK response):

 	SETTITLE This is my title

 	OPTION ttyname=/dev/pts/5

 	OPTION ttytype=vt100

 	OPTION lc-ctype=en_US.UTF-8

 	SETPROMPT Enter your Passphrase:

 	SETDESC Passphrase to get more Cookies!

 	GETPIN

Once you issue the GETPIN, it should draw the dialog and let you enter
a passphrase, which it will echo back to you after you press enter.

I've tried truss with various operations and it seems like gpg2 is having
trouble communicating over the UNIX socket with the running agent.

I've also discovered that after one of these apparently failed
communications, the gpg-agent process starts accumulating CPU time
at a rapid rate.  I've also found when that happens that

 	gpgconf --kill gpg-agent

does not work.

> $ gpg2 --pinentry-mode loopback --gen-key
>
> Currently I have installed version 2.3.2
>
> $ gpg2 --version
> gpg (GnuPG) 2.3.2
> libgcrypt 1.9.4

Same versions I'm using.

> This comes from
>
> $ pkg list gnupg libgcrypt
> NAME (PUBLISHER)                                  VERSION                    IFO
> crypto/gnupg                                      2.3.2-2020.0.1.0           i--
> system/library/security/libgcrypt                 1.9.4-2020.0.1.0           i--
>
>
> Unfortunately even if I use "loopback" mode GPG2 is not working for me on OI.
>
> For example when I try
>
> $ gpg2 --pinentry-mode loopback --gen-key
>
> It hangs on:
>
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
>
> After a while I abort, no key is generated for me ...

It hangs for me after multiple different operations too, including
decrypting a text file that was encrypted for my ID on a different system.

Anyway, thanks for confirming you're seeing similar issues.  I'll report
back to the mailing list if I make any progress debugging it.

Tim
-- 
Tim Mooney                                             Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology    /                701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164