split-gpg2 with a passphrase is not loaded into agent until listing the keys from the server #9688

Open
ben-grande opened this issue Jan 5, 2025 · 0 comments
Labels
affects-4.2 This issue affects Qubes OS 4.2. C: split-gpg2 split-gpg version 2 needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information.

Comments

@ben-grande

Qubes OS release

R4.2

Brief summary

I do not care much about passphrase in the gpg key, but as I was testing, I discovered something.

Keys are only loaded to the split-gpg2 server (using an isolated gnupg homedir) after they have been accessed first, such as gpg --homedir ~/.gnupg/split-gpg/dev -k >/dev/null.

I have tested this without an isolated homedir and it also happens.

Steps to reproduce

  1. Generate a key with a passphrase on the split-gpg2 server.
  2. Import the public key of said key to the split-gpg2 client.
  3. Restart the server.
  4. Trying to access the private key from the client will fail (not list the key at all); pinentry will not be called (using a GUI such as pinentry-gnome3 or pinentry-fltk or pinentry-qt).
  5. On the server, do a simple operation on the correct gnupg homedir such as gpg --homedir ~/.gnupg/split-gpg/dev -k >/dev/null
  6. On the client, trying to access the private key with gpg -K will call the GUI pinentry; entering a correct password will list the key.

Expected behavior

Load private keys on keyrings even with passphrases when calling qubes.Gpg2.

Actual behavior

Accessing the passphrase-protected private key fails unless you access it on the server first (listing the keyring, not the key specifically, is enough).

@ben-grande ben-grande added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: bug labels Jan 5, 2025
@andrewdavidwong andrewdavidwong added needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. C: split-gpg2 split-gpg version 2 affects-4.2 This issue affects Qubes OS 4.2. labels Jan 6, 2025