[arch-general] Problem with GPG Access Rules

NTS nts at gyatso.de
Mon Oct 12 12:58:08 UTC 2020 

On Mon, 12 Oct 2020 at 12:31, Filipe Laíns via arch-general
<arch-general at archlinux.org> wrote:
>
> On Mon, 2020-10-12 at 13:08 +0200, Jörg Jellissen wrote:
> Hello,
>
> i have a problem with my access rules on my ~/.gnupg folder. The reason
> is that i can't sign any e-mails .
>
> the warning message was that the access rules to the folder are too
> open
>
> but which rights are correct?
>
> i have looked in the folder and my rights looks like this
>
> drwxr-xr-x  3 joerg users 4,0K 12. Okt 12:57 .
> drwx------ 29 joerg users 4,0K 11. Okt 18:48 ..
> drwx------  2 joerg users 4,0K  9. Okt 21:13 private-keys-v1.d
> -rw-r--r--  1 joerg users 2,5K  9. Okt 21:13 pubring.kbx
> -rw-------  1 joerg users   32  9. Okt 21:13 pubring.kbx~
> -rw-r--r--  1 joerg users    7 10. Okt 19:41 reader_0.status
> -rw-------  1 joerg users 1,3K  9. Okt 21:13 trustdb.gpg
>
> is this correct for gpg / Kleopatra?

No, please

    chmod -R go= ~/.gnupg

> the translated output was
>
> Detailed error message: Output from gpg2:
> gpg: WARNING: Insecure access rights of the home directory
> `/home/joerg/.gnupg '
> gpg: write after '-'
> gpg: pinentry launched (5745 curses 1.1.0 - -: 0)
> gpg: Authentication failed: Inappropriate IOCTL (I / O control) for the
> device
> gpg: signing failed: Unsuitable IOCTL (I / O control) for the device
>
>
> Many thanks for helpers
>
> Seems like there is an issue with the pinentry binary. It does not seem
> to be compatible with your system. IOCTL are a way to interface with
> the kernel, they export extra "functions" in file descriptors that you
> can call. Your system does not support whatever the pinentry is trying
> to use.

If you still have a problem you could try using a different pinentry
binary, there are usually several using different/no graphical
toolkit(s):

$ ll /usr/bin/*pinentry*
-rwxr-xr-x 1 root root   3071 Aug 25 22:35 /usr/bin/pinentry*
-rwxr-xr-x 1 root root  56792 Aug 25 22:35 /usr/bin/pinentry-curses*
-rwxr-xr-x 1 root root  52536 Aug 25 22:35 /usr/bin/pinentry-emacs*
-rwxr-xr-x 1 root root  77760 Aug 25 22:35 /usr/bin/pinentry-gnome3*
-rwxr-xr-x 1 root root  90560 Aug 25 22:35 /usr/bin/pinentry-gtk-2*
-rwxr-xr-x 1 root root 123664 Aug 25 22:35 /usr/bin/pinentry-qt*
lrwxrwxrwx 1 root root     11 Aug 25 22:35 /usr/bin/pinentry-qt4 -> pinentry-qt*
lrwxrwxrwx 1 root root     11 Aug 25 22:35 /usr/bin/pinentry-qt5 -> pinentry-qt*
-rwxr-xr-x 1 root root  52408 Aug 25 22:35 /usr/bin/pinentry-tty*

Perhaps a different one will work (because it may not use that
functionality).  That helped me once.

The first suggestion will more likely help here, though.

Best wishes,

NTS

More information about the arch-general mailing list