Gopass: SSH, Error: Failed to decrypt

Created on 21 Jul 2017 · 10 Comments · Source: gopasspw/gopass

Hello!
I seem to be having issues decrypting my passwords over ssh:

oleerik@glare ~ $ gopass dev/github/password

Error: Failed to decrypt

However, after doing this:

oleerik@glare ~ $ gpg --decrypt .password-store/dev/github/password.gpg
gpg: encrypted with 4096-bit RSA key, ID X, created 2017-02-21
      "x <x>"
My github password

It works with gopass again until timeout, I believe:

oleerik@glare ~ $ gopass dev/github/password
My github password

I'm guessing it fails at starting the terminal based pinentry window? Any known reason for this?

Version info: gopass HEAD (n/a ) go1.8.3
Linux

gpg

All 10 comments

See my comment on #209. I think your GPG install is unlinked (Homebrew issues).

Hm, this is on Linux and installed through "go get". Could still be related, though?
I can also say that my partner experiences the same issue. Again, this is only through SSH.

And:

oleerik@glare ~ $ which gpg2
/usr/bin/gpg2
oleerik@glare ~ $ which gpg
/usr/bin/gpg

In my case gpg2 is correctly linked

$ which gpg2 
/usr/local/bin/gpg2

but the terminal based pinentry window does not show up

Same issue, no prompt and "failed to decrypt". Everything is fine with the decrypt command shown in debug mode and I've got the prompt.
gopass works well when the private key is unlocked.

No issue on my Linux installation (Fedora 26); I only have the issue with Mac OS X.

I had the opposite problem. Using Fedora 26 KDE, gopass would only decrypt when the private key was unlocked but it was fine with macOS. I would just receive, "Failed to decrypt" and no pinentry (curses) prompt would display.

Installing and switching to pinentry-qt worked for me. I correctly receive the prompt and the key is unlocked. That leads me to believe (along with the OP) that gopass has issues with pinentry-curses.

@nathandorsey good call! pinentry-qt is my default pinentry on my Fedora. I switched to pinentry-mac on the Mac and it's now OK.

cat ~/.gnupg/gpg-agent.conf
pinentry-program /usr/local/bin/pinentry-mac

Forcing pinentry-curses in the gpg conf does not help. (pass is working with pinentry-curses.)

I did some debugging using strace -f. It seems like pinentry-curses complains about not having a real TTY when called by gopass. In any case, adding the following line to ~/.bashrc solves it for me:

export GPG_TTY=$(tty)

Can confirm that @SimonPersson's workaround works well.

When using the xc backend, this problem still persists, as export GPG_TTY=$(tty) doesn't seem to affect pinentry but only the gpg binary.

An easier solution is to install gpgtools with brew install gpg-suite. Gopass will then ask for the passphrase.
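
An added example, not part of the thread or of gopass: a POSIX shell check of the two settings the comments above point to, GPG_TTY and the pinentry-program line in gpg-agent.conf. The function names and status labels are invented for this example, and the gpg-agent.conf location assumes $GNUPGHOME or ~/.gnupg.

```shell
#!/bin/sh
# Added example (not from the thread): report the two settings the thread
# identifies as relevant to a missing pinentry prompt over SSH.

# Classify a GPG_TTY value. $1 = GPG_TTY, $2 = this shell's tty ("" if none).
# Prints: unset | not-a-tty | mismatch | ok
gpg_tty_status() {
    if [ -z "$1" ]; then
        echo unset
    elif [ ! -c "$1" ]; then
        # Covers "not a tty", which $(tty) yields when stdin is not a terminal.
        echo not-a-tty
    elif [ -n "$2" ] && [ "$1" != "$2" ]; then
        echo mismatch
    else
        echo ok
    fi
}

# Print the pinentry-program set in a gpg-agent.conf ($1); nothing if absent.
# Commented-out lines are skipped; the last active entry is reported.
configured_pinentry() {
    [ -r "$1" ] || return 0
    awk '$1 == "pinentry-program" { $1 = ""; sub(/^[ \t]+/, ""); p = $0 }
         END { if (p != "") print p }' "$1"
}

# Print a short report for the current session.
diagnose() {
    cur=$(tty 2>/dev/null) || cur=""
    status=$(gpg_tty_status "${GPG_TTY-}" "$cur")
    prog=$(configured_pinentry "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf")
    echo "GPG_TTY: ${GPG_TTY-<unset>} ($status)"
    echo "pinentry-program: ${prog:-<agent default>}"
    if [ "$status" != ok ]; then
        echo 'hint: add  export GPG_TTY=$(tty)  to ~/.bashrc and start a new shell'
    fi
    return 0
}

diagnose
```

Run it in the same SSH session where gopass fails; a status other than ok means the terminal-based pinentry is not being told about a usable terminal.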
