Hi there,
I am currently trying to configure pinentry for GnuPG so that it can save / read the secret to / from KeepassXC via the KeepassXC secret service (libsecret).
I verified that the KeepassXC secret service integration works correctly using `secret-tool`. I configured the agent in `~/.gnupg/gpg-agent.conf`, the configured pinentry program is effective, and I set `PINENTRY_KDE_USE_WALLET=1` for the Plasma session. Unfortunately, neither `pinentry-qt` nor `pinentry-gtk` offers an option to save the entered secret, despite what the documentation I found via a Google search suggests. Restarting the agent does not help.
Any ideas what I may be missing?
Thanks,
Thilo
Last edited by Specialist (2024-11-20 19:09:34)
Offline
pinentry-qt
OPTION allow-external-password-cache
SETKEYINFO foo
GETPIN
Well, that's how I can trigger this for testing purposes as the MR states:
> This patch can also be tested directly with pinentry as long as OPTION allow-external-password-cache and SETKEYINFO <mykeyinfo> are sent before prompting.
The question, however, is how to get this working with real client interaction, e.g., from KMail.
Using the manual test procedure actually creates an entry in KeepassXC, so if that's the way to go for creating an entry (that will later be used by client operations), which value do I need to supply as keyinfo to match a given GPG key?
Thanks!
Last edited by Specialist (2024-11-18 18:36:13)
Offline
You don't. KMail would have to.
What you're doing there is manually using the Assuan protocol that's also used by clients like KMail to talk to pinentry.
It's just to check that the pinentry feature principally works.
The client will have to issue the OPTION and SETKEYINFO to some ID it's gonna use later on.
gpg-agents should™ do this, though. But idk how kmail handles any of this and on what condition.
https://userbase.kde.org/KMail/PGP_MIME#Issues
Offline
> You don't. KMail would have to.
That makes sense, thanks! I guess this can possibly be configured at Configure -> Security -> Encryption -> GnuPG Settings..., which just brings up an error message for me:
KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
ldd complains about:
$ ldd /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/bin/ldd: line 159: /usr/lib/ld-linux.so.2: cannot execute binary file: Exec format error
linux-vdso.so.1 (0x000072372e0ef000)
libKPim6Libkleo.so.6 => /usr/lib/libKPim6Libkleo.so.6 (0x000072372ded0000)
libqgpgmeqt6.so.15 => /usr/lib/libqgpgmeqt6.so.15 (0x000072372dda6000)
libKF6CoreAddons.so.6 => /usr/lib/libKF6CoreAddons.so.6 (0x000072372dcc6000)
libQt6Widgets.so.6 => /usr/lib/libQt6Widgets.so.6 (0x000072372d400000)
libQt6Core.so.6 => /usr/lib/libQt6Core.so.6 (0x000072372ce00000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x000072372ca00000)
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x000072372dc96000)
libc.so.6 => /usr/lib/libc.so.6 (0x000072372c80f000)
libKF6Completion.so.6 => /usr/lib/libKF6Completion.so.6 (0x000072372dc5a000)
libKF6ColorScheme.so.6 => /usr/lib/libKF6ColorScheme.so.6 (0x000072372dc44000)
libKF6ConfigGui.so.6 => /usr/lib/libKF6ConfigGui.so.6 (0x000072372dc0e000)
libKF6ItemModels.so.6 => /usr/lib/libKF6ItemModels.so.6 (0x000072372dbb8000)
libKF6WidgetsAddons.so.6 => /usr/lib/libKF6WidgetsAddons.so.6 (0x000072372c400000)
libKF6Codecs.so.6 => /usr/lib/libKF6Codecs.so.6 (0x000072372db81000)
libKF6I18n.so.6 => /usr/lib/libKF6I18n.so.6 (0x000072372cd83000)
libKF6ConfigCore.so.6 => /usr/lib/libKF6ConfigCore.so.6 (0x000072372cd0c000)
libQt6Gui.so.6 => /usr/lib/libQt6Gui.so.6 (0x000072372ba00000)
libgpgmepp.so.6 => /usr/lib/libgpgmepp.so.6 (0x000072372cca5000)
libgpgme.so.11 => /usr/lib/libgpgme.so.11 (0x000072372c7be000)
/usr/lib64/ld-linux-x86-64.so.2 (0x000072372e0f1000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x000072372db57000)
libQt6DBus.so.6 => /usr/lib/libQt6DBus.so.6 (0x000072372c703000)
libudev.so.1 => /usr/lib/libudev.so.1 (0x000072372c6bd000)
libm.so.6 => /usr/lib/libm.so.6 (0x000072372c311000)
libicui18n.so.75 => /usr/lib/libicui18n.so.75 (0x000072372b600000)
libicuuc.so.75 => /usr/lib/libicuuc.so.75 (0x000072372b406000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x000072372b2b6000)
libz.so.1 => /usr/lib/libz.so.1 (0x000072372db3c000)
libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x000072372b1c2000)
libdouble-conversion.so.3 => /usr/lib/libdouble-conversion.so.3 (0x000072372cc8e000)
libb2.so.1 => /usr/lib/libb2.so.1 (0x000072372c69f000)
libpcre2-16.so.0 => /usr/lib/libpcre2-16.so.0 (0x000072372b130000)
libzstd.so.1 => /usr/lib/libzstd.so.1 (0x000072372b051000)
libKF6GuiAddons.so.6 => /usr/lib/libKF6GuiAddons.so.6 (0x000072372b9b5000)
libEGL.so.1 => /usr/lib/libEGL.so.1 (0x000072372c68d000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x000072372b001000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x000072372aec0000)
libxkbcommon.so.0 => /usr/lib/libxkbcommon.so.0 (0x000072372ae78000)
libGLX.so.0 => /usr/lib/libGLX.so.0 (0x000072372c2df000)
libOpenGL.so.0 => /usr/lib/libOpenGL.so.0 (0x000072372b98a000)
libpng16.so.16 => /usr/lib/libpng16.so.16 (0x000072372ae3d000)
libharfbuzz.so.0 => /usr/lib/libharfbuzz.so.0 (0x000072372ad1e000)
libmd4c.so.0 => /usr/lib/libmd4c.so.0 (0x000072372c677000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x000072372ac54000)
libassuan.so.9 => /usr/lib/libassuan.so.9 (0x000072372ac3f000)
libdbus-1.so.3 => /usr/lib/libdbus-1.so.3 (0x000072372abee000)
libcap.so.2 => /usr/lib/libcap.so.2 (0x000072372c66b000)
libicudata.so.75 => /usr/lib/libicudata.so.75 (0x0000723728e00000)
libpcre2-8.so.0 => /usr/lib/libpcre2-8.so.0 (0x0000723728d61000)
libgomp.so.1 => /usr/lib/libgomp.so.1 (0x000072372ab9b000)
libQt6WaylandClient.so.6 => /usr/lib/libQt6WaylandClient.so.6 (0x0000723728c6d000)
libwayland-client.so.0 => /usr/lib/libwayland-client.so.0 (0x000072372c2d0000)
libGLdispatch.so.0 => /usr/lib/libGLdispatch.so.0 (0x0000723728bb5000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x000072372ab71000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x0000723728b8a000)
libgraphite2.so.3 => /usr/lib/libgraphite2.so.3 (0x0000723728b68000)
libbz2.so.1.0 => /usr/lib/libbz2.so.1.0 (0x000072372ab5e000)
libbrotlidec.so.1 => /usr/lib/libbrotlidec.so.1 (0x0000723728b59000)
libwayland-cursor.so.0 => /usr/lib/libwayland-cursor.so.0 (0x000072372b980000)
libffi.so.8 => /usr/lib/libffi.so.8 (0x000072372ab53000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x000072372d3fb000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x0000723728b51000)
libbrotlicommon.so.1 => /usr/lib/libbrotlicommon.so.1 (0x0000723728b2e000)
$ file /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b5d8dcddaeb9949de5ca6419271cbf19806a23e, stripped
Not sure what is causing the exec format error...
Offline
file /usr/lib/ld-linux.so.2
stat /usr/lib/ld-linux.so.2
> KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
https://forum.manjaro.org/t/issue-with- … e/163868/2
To be sure the "passphrase agent" (gpg-agent) is enabled, check your ~/.gnupg/gpg.conf and eventually uncomment the line containing "use-agent".
Offline
> file /usr/lib/ld-linux.so.2
> stat /usr/lib/ld-linux.so.2

$ file /usr/lib/ld-linux.so.2
/usr/lib/ld-linux.so.2: symbolic link to ../lib32/ld-linux.so.2
$ pacman -Qo /usr/lib/ld-linux.so.2
/usr/lib/ld-linux.so.2 is owned by lib32-glibc 2.40+r16+gaa533d58ff-2
$ pacman -Qo /usr/lib32/ld-linux.so.2
/usr/lib32/ld-linux.so.2 is owned by lib32-glibc 2.40+r16+gaa533d58ff-2
$ ldd /usr/lib32/ld-linux.so.2
/usr/bin/ldd: line 159: /usr/lib/ld-linux.so.2: cannot execute binary file: Exec format error
not a dynamic executable
That's not surprising as I disabled ia32 via `ia32_emulation=false` on the kernel cmdline. What's surprising, though, is that the Kleopatra config plugin requires 32-bit code despite being a 64-bit executable:
$ file /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
/usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b5d8dcddaeb9949de5ca6419271cbf19806a23e, stripped
Edit: `use-agent` is already enabled.
Last edited by Specialist (2024-11-19 07:36:12)
Offline
If we ignore kleopatra:
ps aux | grep gpg
printenv | grep -i gpg
To be clear: kmail *does* invoke the selected pinentry dialog and doesn't show you an internal one?
Also
An alternative for KDE Wallet is /usr/bin/pinentry-kwallet which requires installing the kwalletcli (AUR) package.
Offline
> To be clear: kmail *does* invoke the selected pinentry dialog and doesn't show you an internal one?
Yes, varying the pinentry-program changes the L&F.
I finally managed to get it working by removing the "disallow external password cache" flag in the standard Kleopatra config.
I still have no clue why the Kleopatra plugin does not load in KMail's settings. I re-enabled ia32, the exec format error is gone, but still no GnuPG config in KMail.
Offline
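Added example, not part of any post in this thread: a small Python check for the two conditions the discussion above turned on, namely that the agent configuration does not disable the external cache and that `OPTION allow-external-password-cache` plus `SETKEYINFO` reach pinentry before `GETPIN`. It assumes the "disallow external password cache" setting corresponds to the gpg-agent option `no-allow-external-cache` and that `SETKEYINFO --clear` resets the key info; the sample config and function names are constructed for illustration.

```python
# Constructed gpg-agent.conf content (not taken from the poster's system).
SAMPLE_AGENT_CONF = """\
# pinentry with secret-service support
pinentry-program /usr/bin/pinentry-qt
no-allow-external-cache
"""

# The manual test sequence quoted in the thread.
MANUAL_TEST = ["OPTION allow-external-password-cache", "SETKEYINFO foo", "GETPIN"]


def agent_conf_options(text):
    """Return {option: argument} for the active (non-comment) config lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def getpin_cache_states(commands):
    """For each GETPIN, report whether both prerequisites were already sent."""
    allowed, keyinfo, states = False, None, []
    for cmd in commands:
        verb, _, arg = cmd.strip().partition(" ")
        arg = arg.strip()
        if verb == "OPTION" and arg == "allow-external-password-cache":
            allowed = True
        elif verb == "SETKEYINFO":
            # Assumption: "--clear" (or no argument) leaves no key info set.
            keyinfo = None if arg in ("", "--clear") else arg
        elif verb == "GETPIN":
            states.append(allowed and keyinfo is not None)
    return states


def diagnose(conf_text, commands):
    """Combine the config check and the Assuan-sequence check."""
    opts = agent_conf_options(conf_text)
    return {
        "pinentry_program": opts.get("pinentry-program"),
        "agent_blocks_external_cache": "no-allow-external-cache" in opts,
        "getpin_cache_ready": getpin_cache_states(commands),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_AGENT_CONF, MANUAL_TEST))
```

With the constructed config, the manual sequence passes the pinentry-side check while the agent-side flag is reported as blocking, which matches the situation where the manual test creates an entry but real clients never get the save option.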
\o/
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Do you still get
KPluginFactory could not create a KCModule instance from /usr/lib/qt6/plugins/pim6/kcms/kleopatra/kleopatra_config_gnupgsystem.so
?
The only other reference to that is that manjaro thread.
=> https://bugs.kde.org/buglist.cgi?quicks … Akleopatra
The /usr/lib/ld-linux.so.2 error is probably a red herring, ldd still prints the linked objects, so ld-linux.so.2 probably only fails on a test-bite to figure that this ain't a 32bit ELF.
Offline