80

I'm trying to set up my GnuPG configuration on macOS 11.2.1.

So far I have set up my SSH, generated my GPG key and added it to the GPG agent.

Now, if I run this command:

 echo "test" | gpg --clearsign

I am getting this result:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: signing failed: No pinentry
gpg: [stdin]: clear-sign failed: No pinentry

The problem is that pinentry is installed:

pinentry-curses (pinentry) 1.1.1
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

In my gpg-agent.conf file, I have this line:

pinentry-program /usr/local/bin/pinentry-mac

In my gpg.conf I have this line:

no-tty

gpg version:

gpg (GnuPG) 2.2.27
libgcrypt 1.9.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/usr/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I have tried to kill the gpg agent and reinstall gnupg several times, and to reinstall pinentry. Nothing helped.

0

3 Answers

118

The command

brew install pinentry

apparently installed pinentry into a different path than the one the gpg-agent.conf file has. If someone runs into this problem, just run

which pinentry-mac

And put the path it gives you into the gpg-agent.conf file.

If there is no gpg-agent.conf file in the ~/.gnupg/ directory, then create it.

touch ~/.gnupg/gpg-agent.conf

Very Important

Run gpgconf --kill gpg-agent after changing the conf file. Thanks to Jérémie Boulay.

12
  • 1
    That didn't work for me. I have the same path saved in the gpg-agent.conf file as the one given by the command which pinentry-mac. Commented Mar 2, 2021 at 11:26
  • 58
    Oh! It finally worked after using this command: gpgconf --kill gpg-agent. Maybe the pinentry upgrade wasn't taken into account by the previous gpg-agent. Commented Mar 2, 2021 at 12:59
  • 1
    Same as @JérémieBoulay but in my case the reason was that OSX's UI crashed during the night without rebooting the base OS apparently (uptime was still 8 days+). Apparently my new login instance wasn't able to contact the running gpg agent and git commit was failing to sign my commits. Again, killing the agent as above fixed the problem.
    – RobM
    Commented Apr 14, 2021 at 2:10
  • 4
    Did you mean brew install pinentry-mac? Commented May 5, 2022 at 20:08
  • 1
    How exactly should I "put into gpg-agent.conf file"? Commented Oct 21, 2022 at 16:56
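
The check described in the answer and comments above, as an added example that is not part of the original answers: it flags a `pinentry-program` entry that is missing, duplicated (easy to cause with repeated `>>` appends) or pointing at a path that is not executable, and rewrites it to a single valid line. The function names and status words are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original answers): audit and repair the
# pinentry-program entry in gpg-agent.conf.

# Print every active (uncommented) pinentry-program value, one per line.
pinentry_entries() {
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*//p' "$1"
}

# Print one of: missing-conf | unset | duplicate | not-executable | ok
# and return non-zero for everything except ok.
check_pinentry_conf() {
    conf=$1
    [ -f "$conf" ] || { echo missing-conf; return 1; }
    entries=$(pinentry_entries "$conf")
    [ -n "$entries" ] || { echo unset; return 1; }
    count=$(printf '%s\n' "$entries" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { echo duplicate; return 1; }
    if [ ! -x "$entries" ] || [ -d "$entries" ]; then
        echo not-executable; return 1
    fi
    echo ok
}

# Rewrite the config with exactly one pinentry-program line pointing at $2,
# keeping all other lines. Creates the file if needed; result is mode 600.
set_pinentry_program() {
    conf=$1; prog=$2
    [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    {
        if [ -f "$conf" ]; then
            grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" || true
        fi
        printf 'pinentry-program %s\n' "$prog"
    } > "$tmp"
    mv "$tmp" "$conf"
}

# Typical use for the setup on this page (left commented so sourcing is safe):
#   conf="$HOME/.gnupg/gpg-agent.conf"
#   check_pinentry_conf "$conf" ||
#       set_pinentry_program "$conf" "$(command -v pinentry-mac)"
#   gpgconf --kill gpg-agent   # restart the agent so it uses the new path
```
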
2

For anyone who gets this, I was able to resolve this error when trying to create a GPG key on macOS (Intel chip) by following the instructions here.

gpg --full-gen-key --pinentry-mode loopback 

The '--pinentry-mode loopback' option is used to bypass the need for pinentry. See further details here.

1
  • omFg! I have been hunting for this for like 2 days, I couldn't sign, but encryption worked. I never noticed that I was using --pinentry-mode loopback with encrypt and not sign!
    – Shuryno
    Commented Feb 7 at 19:38
2

For Macs with a fingerprint sensor, there is an even better tool, called pinentry-touchid.

how to install

brew tap jorgelbg/tap
brew install pinentry-touchid

how to set up gpg

echo pinentry-program $(which pinentry-touchid) >> ~/.gnupg/gpg-agent.conf

To verify the config, you should see something like this:

cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /opt/homebrew/bin/pinentry-touchid
