Bad passphrase with gpg 2.1 - works fine with gpg 1.4

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bad passphrase with gpg 2.1 - works fine with gpg 1.4

Fredrik Jonson
Hi all,

After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More
precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as
gpg1 does accept that very same passphrase. What am I doing wrong?

Before upgrading, on Ubuntu 16.04, I'm fairly certain that I used gpg 1.4.x,
and that is what i used to generate my gpg key.

The only difference i can see is that gpg1 prompts for my passphrase as
input directly in the terminal, while gpg2 prompts using a GUI dialog
instead. Is that Gnome keyring, or gpg-agent, or something else?

Could it be locale related, I'm using a swedish locale/keyboard layout.

In an attempt to narrow the scope of possible causes, I've tried to
instruct gpg2 to not use-agent, but failed. Gpg2 still prompts me using a
GUI dialog, rather than interactively in the terminal. Can I, from the
command line, tell gpg2 not to use agent and always prompt me for the
passphrase in the terminal rather than via Gnome or gpg-agent?

As far as I understand there is no upgrade action required when migrating
from gpg1 to gpg2, correct?

Is gpg2 in general compatible with gpg1? Can I use gpg2 while some of my
recipients keep using gpg1? Or is that a bad idea for some reason?

My ~/.gnupg/gpg.conf contains:

 personal-digest-preferences SHA256
 cert-digest-algo SHA256
 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
 use-agent
 keyid-format long
 with-fingerprint

--
Fredrik Jonson

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: Bad passphrase with gpg 2.1 - works fine with gpg 1.4

Daniel Kahn Gillmor-7
Hi Fredrik--

On Wed 2017-04-19 15:49:20 +0200, Fredrik Jonson wrote:

> After upgrading to Ubuntu 17.04, gpg does not accept my passphrase. More
> precisely, gpg 2.1.15 does not. However, gpg 1.4.21, installed as
> gpg1 does accept that very same passphrase. What am I doing wrong?

gpg 1.4.x and 2.1.x use different secret keyrings.

the first time that 2.1.x runs, it tries to import secret key material
from the 1.4.x keyring, but it's possible that this happened before the
previous key generation.

You can encourage 2.1.x to try that migration again with:

    rm ~/.gnupg/.gpg-v21-migrated
    gpg2 --list-secret-keys

> In an attempt to narrow the scope of possible causes, I've tried to
> instruct gpg2 to not use-agent, but failed.

modern GnuPG (v2.1) is designed to only use the agent.  on this branch,
gpg itself never handles secret key material at all.

> Gpg2 still prompts me using a GUI dialog, rather than interactively in
> the terminal. Can I, from the command line, tell gpg2 not to use agent
> and always prompt me for the passphrase in the terminal rather than
> via Gnome or gpg-agent?

I'm not sure that this is related to your other question.  but if you
really prefer to only be prompted in the terminal, you can change the
version of pinentry that you have installed to pinentry-curses or
pinentry-tty.  If you're using this from a graphical environment though,
i do not recommend making this change.  Stick with the graphical
passphrase prompt!

> Is gpg2 in general compatible with gpg1? Can I use gpg2 while some of my
> recipients keep using gpg1? Or is that a bad idea for some reason?

you can use gpg 2.1.x while your correspondents use gpg 1.4.x.  but
trying to use 2.1.x yourself while also using 1.4.x (the "co-installed
case") doesn't work very well in my experience, since there are
different secret keyrings, and in practice there can be different public
keyrings as well (2.1.x prefers ~/.gnupg/pubring.kbx, but 1.4.x only
knows about ~/.gnupg/pubring.gpg).

      --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users