[SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

Specialist · 2024-11-16 18:43:26

Hi there,

I am currently trying to configure pinentry for GnuPG so that it can save / read the secret to / from KeepassXC via the KeepassXC secret service (libsecret).

I verified that the KeepassXC secret service integration works correctly using `secret-tool`. I configured the agent in `~/.gnupg/gpg-agent.conf` and the configured pinentry program is effective and I set `PINENTRY_KDE_USE_WALLET=1` for the Plasma session. Unfortunately, neither `pinentry-qt`, nor `pinentry-gtk` offer an option to save the entered secret despite what the documentation I found via a Google search suggest. Restarting the agent does not help.

Any ideas what I may be missing?

Thanks,
Thilo

Last edited by Specialist (Yesterday 19:09:34)

seth · 2024-11-16 22:11:44

https://dev.gnupg.org/D569

pinentry-qt

OPTION allow-external-password-cache
SETKEYINFO foo
GETPIN

Specialist · 2024-11-18 18:35:53

seth wrote:

pinentry-qt

OPTION allow-external-password-cache
SETKEYINFO foo
GETPIN

Well, that's how I can trigger this for testing purposes as the MR states:

> This patch can also be tested directly with pinentry as long as OPTION allow-external-password-cache and SETKEYINFO <mykeyinfo> are sent before prompting.

The question, however, is how to get this working with real client interaction, e.g., from KMail.

Using the manual test procedure actually creates an entry in KeepassXC, so if that's the way to go for creating an entry (that will later be used by client operations), which value do I need to supply as keyinfo to match a given GPG key?

Thanks!

Last edited by Specialist (2024-11-18 18:36:13)

seth · 2024-11-18 18:48:33

You don't. KMail would have to.

What you're doing there is manually use the assuan protocol that's also used by clients like kmail to talk to pinentry.
It's just to check that the pinentry feature principally works
The client will have to issue the OPTION and SETKEYINFO to some ID it's gonna use later on.

gpg-agents should™ do this, though. But idk how kmail handles any of this and on what condition.
https://userbase.kde.org/KMail/PGP_MIME#Issues

Specialist · 2024-11-19 06:21:32

seth wrote:

You don't. KMail would have to.

That makes sense, thanks! I guess this can possibly be configured at Configure -> Security -> Encryption -> GnuPG Settings..., which just brings up an error message for me:

KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so

ldd complains about:

$ ldd /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/bin/ldd: line 159: /usr/lib/ld-linux.so.2: cannot execute binary file: Exec format error
        linux-vdso.so.1 (0x000072372e0ef000)
        libKPim6Libkleo.so.6 => /usr/lib/libKPim6Libkleo.so.6 (0x000072372ded0000)
        libqgpgmeqt6.so.15 => /usr/lib/libqgpgmeqt6.so.15 (0x000072372dda6000)
        libKF6CoreAddons.so.6 => /usr/lib/libKF6CoreAddons.so.6 (0x000072372dcc6000)
        libQt6Widgets.so.6 => /usr/lib/libQt6Widgets.so.6 (0x000072372d400000)
        libQt6Core.so.6 => /usr/lib/libQt6Core.so.6 (0x000072372ce00000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x000072372ca00000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x000072372dc96000)
        libc.so.6 => /usr/lib/libc.so.6 (0x000072372c80f000)
        libKF6Completion.so.6 => /usr/lib/libKF6Completion.so.6 (0x000072372dc5a000)
        libKF6ColorScheme.so.6 => /usr/lib/libKF6ColorScheme.so.6 (0x000072372dc44000)
        libKF6ConfigGui.so.6 => /usr/lib/libKF6ConfigGui.so.6 (0x000072372dc0e000)
        libKF6ItemModels.so.6 => /usr/lib/libKF6ItemModels.so.6 (0x000072372dbb8000)
        libKF6WidgetsAddons.so.6 => /usr/lib/libKF6WidgetsAddons.so.6 (0x000072372c400000)
        libKF6Codecs.so.6 => /usr/lib/libKF6Codecs.so.6 (0x000072372db81000)
        libKF6I18n.so.6 => /usr/lib/libKF6I18n.so.6 (0x000072372cd83000)
        libKF6ConfigCore.so.6 => /usr/lib/libKF6ConfigCore.so.6 (0x000072372cd0c000)
        libQt6Gui.so.6 => /usr/lib/libQt6Gui.so.6 (0x000072372ba00000)
        libgpgmepp.so.6 => /usr/lib/libgpgmepp.so.6 (0x000072372cca5000)
        libgpgme.so.11 => /usr/lib/libgpgme.so.11 (0x000072372c7be000)
        /usr/lib64/ld-linux-x86-64.so.2 (0x000072372e0f1000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x000072372db57000)
        libQt6DBus.so.6 => /usr/lib/libQt6DBus.so.6 (0x000072372c703000)
        libudev.so.1 => /usr/lib/libudev.so.1 (0x000072372c6bd000)
        libm.so.6 => /usr/lib/libm.so.6 (0x000072372c311000)
        libicui18n.so.75 => /usr/lib/libicui18n.so.75 (0x000072372b600000)
        libicuuc.so.75 => /usr/lib/libicuuc.so.75 (0x000072372b406000)
        libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x000072372b2b6000)
        libz.so.1 => /usr/lib/libz.so.1 (0x000072372db3c000)
        libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x000072372b1c2000)
        libdouble-conversion.so.3 => /usr/lib/libdouble-conversion.so.3 (0x000072372cc8e000)
        libb2.so.1 => /usr/lib/libb2.so.1 (0x000072372c69f000)
        libpcre2-16.so.0 => /usr/lib/libpcre2-16.so.0 (0x000072372b130000)
        libzstd.so.1 => /usr/lib/libzstd.so.1 (0x000072372b051000)
        libKF6GuiAddons.so.6 => /usr/lib/libKF6GuiAddons.so.6 (0x000072372b9b5000)
        libEGL.so.1 => /usr/lib/libEGL.so.1 (0x000072372c68d000)
        libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x000072372b001000)
        libX11.so.6 => /usr/lib/libX11.so.6 (0x000072372aec0000)
        libxkbcommon.so.0 => /usr/lib/libxkbcommon.so.0 (0x000072372ae78000)
        libGLX.so.0 => /usr/lib/libGLX.so.0 (0x000072372c2df000)
        libOpenGL.so.0 => /usr/lib/libOpenGL.so.0 (0x000072372b98a000)
        libpng16.so.16 => /usr/lib/libpng16.so.16 (0x000072372ae3d000)
        libharfbuzz.so.0 => /usr/lib/libharfbuzz.so.0 (0x000072372ad1e000)
        libmd4c.so.0 => /usr/lib/libmd4c.so.0 (0x000072372c677000)
        libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x000072372ac54000)
        libassuan.so.9 => /usr/lib/libassuan.so.9 (0x000072372ac3f000)
        libdbus-1.so.3 => /usr/lib/libdbus-1.so.3 (0x000072372abee000)
        libcap.so.2 => /usr/lib/libcap.so.2 (0x000072372c66b000)
        libicudata.so.75 => /usr/lib/libicudata.so.75 (0x0000723728e00000)
        libpcre2-8.so.0 => /usr/lib/libpcre2-8.so.0 (0x0000723728d61000)
        libgomp.so.1 => /usr/lib/libgomp.so.1 (0x000072372ab9b000)
        libQt6WaylandClient.so.6 => /usr/lib/libQt6WaylandClient.so.6 (0x0000723728c6d000)
        libwayland-client.so.0 => /usr/lib/libwayland-client.so.0 (0x000072372c2d0000)
        libGLdispatch.so.0 => /usr/lib/libGLdispatch.so.0 (0x0000723728bb5000)
        libexpat.so.1 => /usr/lib/libexpat.so.1 (0x000072372ab71000)
        libxcb.so.1 => /usr/lib/libxcb.so.1 (0x0000723728b8a000)
        libgraphite2.so.3 => /usr/lib/libgraphite2.so.3 (0x0000723728b68000)
        libbz2.so.1.0 => /usr/lib/libbz2.so.1.0 (0x000072372ab5e000)
        libbrotlidec.so.1 => /usr/lib/libbrotlidec.so.1 (0x0000723728b59000)
        libwayland-cursor.so.0 => /usr/lib/libwayland-cursor.so.0 (0x000072372b980000)
        libffi.so.8 => /usr/lib/libffi.so.8 (0x000072372ab53000)
        libXau.so.6 => /usr/lib/libXau.so.6 (0x000072372d3fb000)
        libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x0000723728b51000)
        libbrotlicommon.so.1 => /usr/lib/libbrotlicommon.so.1 (0x0000723728b2e000)

$ file /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b5d8dcddaeb9949de5ca6419271cbf19806a23e, stripped

Not sure what is causing the exec format error...

seth · 2024-11-19 06:59:29

file /usr/lib/ld-linux.so.2
stat /usr/lib/ld-linux.so.2

KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so

https://forum.manjaro.org/t/issue-with- … e/163868/2

https://userbase.kde.org/KMail/PGP_MIME#Issues wrote:

To be sure the "passphrase agent" (gpg-agent) is enabled, check your ~/.gnupg/gpg.conf and eventually uncomment the line containing "use-agent".

Specialist · 2024-11-19 07:33:21

seth wrote:

file /usr/lib/ld-linux.so.2
stat /usr/lib/ld-linux.so.2

$ /usr/lib/ld-linux.so.2
/usr/lib/ld-linux.so.2: symbolic link to ../lib32/ld-linux.so.2

$ pacman -Qo /usr/lib/ld-linux.so.2
/usr/lib/ld-linux.so.2 is owned by lib32-glibc 2.40+r16+gaa533d58ff-2

$ pacman -Qo /usr/lib32/ld-linux.so.2
/usr/lib32/ld-linux.so.2 is owned by lib32-glibc 2.40+r16+gaa533d58ff-2

$ ldd /usr/lib32/ld-linux.so.2
/usr/bin/ldd: line 159: /usr/lib/ld-linux.so.2: cannot execute binary file: Exec format error
        not a dynamic executable

That's not surprising as I disabled ia32 via

ia32_emulation=false

on the kernel cmdline. What's surprising, though, is, that the Kleopatra config plugin requires 32-bit code despite being a 64-bit executable:

$ file /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b5d8dcddaeb9949de5ca6419271cbf19806a23e, stripped

Edit:

use-agent

is already enabled.

Last edited by Specialist (2024-11-19 07:36:12)

seth · 2024-11-19 14:04:59

If we ignore kleopatra:

ps aux | grep gpg
printenv | grep -i gpg

To be clear: kmail *does* invoke the selected pinentry dialog and doesn't show you an internal one?

Also

The wiki wrote:

An alternative for KDE Wallet is /usr/bin/pinentry-kwallet which requires installing the kwalletcli (AUR) package.

Specialist · 2024-11-19 14:51:35

seth wrote:

To be clear: kmail *does* invoke the selected pinentry dialog and doesn't show you an internal one?

Yes, varying the pinentry-program changes the L&F.

I finally managed to get it working by removing the "disallow external password cache" flag in the standard Kleopatra config.

I still have no clue why the Kleopatra plugin does not load in KMail's settings. I re-enabled ia32, the exec format error is gone, but still no GnuPG config in KMail.

seth · 2024-11-19 15:14:15

\o/
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Do you still get

KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so

?
The only other reference to that is that manjaro thread.
=> https://bugs.kde.org/buglist.cgi?quicks … Akleopatra

The /usr/lib/ld-linux.so.2 error is probably a red herring, ldd still prints the linked objects, so ld-linux.so.2 probably only fails on a test-bite to figure that this ain't a 32bit ELF.

Arch Linux

#1 2024-11-16 18:43:26

[SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#2 2024-11-16 22:11:44

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#3 2024-11-18 18:35:53

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#4 2024-11-18 18:48:33

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#5 2024-11-19 06:21:32

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#6 2024-11-19 06:59:29

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#7 2024-11-19 07:33:21

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#8 2024-11-19 14:04:59

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#9 2024-11-19 14:51:35

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

#10 2024-11-19 15:14:15

Re: [SOLVED] pinentry-{qt|gtk} does not offer saving passphrase via lib...

Board footer