[Bug 1775923] [NEW] gpg can't access secret keys when logged in via ssh instead of desktop

Jesse Michael 1775923 at bugs.launchpad.net
Fri Jun 8 19:37:51 UTC 2018


Public bug reported:

I recently performed a fresh install of 18.04 (Bionic) after preserving
my .gnupg directory from my previous 16.04 LTS (Xenial) installation,
but now, I can't perform gpg operations that require my secret key
unless I'm sitting at the desktop and not logged in via ssh.

If I'm sitting at the gnome desktop environment, I can run gpg commands
to decrypt encrypted messages and the popup appears to ask my
passphrase, but if I'm connected via ssh, I get errors from gpg-agent
and gpg fails to find my secret key without ever asking for my
passphrase:

$ ps auxww | grep gpg-agent
jesse    16703  0.0  0.0  21536  1040 pts/4    S+   12:19   0:00 grep gpg-agent

$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2019-02-22
/home/jesse/.gnupg/pubring.kbx
------------------------------
pub   rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
      ...
uid           [ultimate] Jesse Michael <... at ...>
uid           [ultimate] Jesse Michael <... at ...>
sub   rsa2048 2018-02-22 [E] [expires: 2019-02-22]

pub   rsa2048 2018-02-22 [SC] [expires: 2019-02-22]
      ...
uid           [ultimate] Jesse Michael <... at ...>
sub   rsa2048 2018-02-22 [E] [expires: 2019-02-22]

pub   rsa4096 2017-07-10 [SC] [expires: 2018-07-10]
      ...
uid           [ unknown] ... <... at ...>
sub   rsa4096 2017-07-10 [E] [expires: 2018-07-10]

$ gpg --export-secret-keys
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: key ...: error receiving key from agent: Operation cancelled - skipped
gpg: WARNING: nothing exported

$ gpg --decrypt somefilename.gpg
gpg: encrypted with 4096-bit RSA key, ID ..., created 2017-07-10
      "... <... at ...>"
gpg: encrypted with 2048-bit RSA key, ID ..., created 2018-02-22
      "Jesse Michael <... at ...>"
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

$ ps auxww | grep gpg-agent
jesse    16716  0.0  0.0 100420  3484 ?        SLs  12:19   0:00 /usr/bin/gpg-agent --supervised
jesse    16763  0.0  0.0  21536  1092 pts/4    S+   12:20   0:00 grep gpg-agent
 
$ lsb_release -rd
Description:    Ubuntu 18.04 LTS
Release:        18.04

$ apt-cache policy gpg gnupg2 gpg-agent
gpg:
  Installed: 2.2.4-1ubuntu1
  Candidate: 2.2.4-1ubuntu1
  Version table:
 *** 2.2.4-1ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status
gnupg2:
  Installed: 2.2.4-1ubuntu1
  Candidate: 2.2.4-1ubuntu1
  Version table:
 *** 2.2.4-1ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
        100 /var/lib/dpkg/status
gpg-agent:
  Installed: 2.2.4-1ubuntu1
  Candidate: 2.2.4-1ubuntu1
  Version table:
 *** 2.2.4-1ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status

** Affects: gnupg2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1775923

