98

I'm trying to set up my GnuPG configuration on macOS 11.2.1.

So far I have set up my SSH, generated my GPG key, and added it to the GPG agent.

Now, if I run this command:

 echo "test" | gpg --clearsign

I am getting this result:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: signing failed: No pinentry
gpg: [stdin]: clear-sign failed: No pinentry

The problem is that pinentry is installed:

pinentry-curses (pinentry) 1.1.1
Copyright (C) 2016 g10 Code GmbH
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

In my gpg-agent.conf file, I have this line:

pinentry-program /usr/local/bin/pinentry-mac

In my gpg.conf I have this line:

no-tty

gpg version:

gpg (GnuPG) 2.2.27
libgcrypt 1.9.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/usr/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

I have tried to kill the gpg agent, reinstall gnupg several times, and reinstall pinentry. Nothing helped.

ragulin

4 Answers

149

The command

brew install pinentry

apparently installed pinentry into a different path than the gpg-agent.conf file has. If someone runs into this problem, just do

which pinentry-mac

And put the path it gives you into the gpg-agent.conf file.

If there is no gpg-agent.conf file in the ~/.gnupg/ directory, then create it.

touch ~/.gnupg/gpg-agent.conf

Very Important

Run gpgconf --kill gpg-agent after changing the conf file. Thanks to Jérémie Boulay.

ragulin
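
A diagnostic for the path mismatch described in the answer above, added here as an example and not part of the original posts: it reads the active pinentry-program line from a gpg-agent.conf and checks that the path is an executable file. The function name check_pinentry_conf, its return codes, and the demo path are assumptions made for this example.

```shell
# Added example: validate the pinentry-program entry in a gpg-agent.conf.
# check_pinentry_conf is a hypothetical helper name, not part of GnuPG.
# Return codes: 0 ok, 1 no entry (or no readable file),
#               2 configured path is not an executable file,
#               3 more than one pinentry-program line.
check_pinentry_conf() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    if [ ! -r "$conf" ]; then
        echo "no readable config at $conf"
        return 1
    fi
    # Values of all active (uncommented) pinentry-program lines,
    # with trailing whitespace stripped.
    entries=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf")
    if [ -z "$entries" ]; then
        echo "no pinentry-program line in $conf"
        return 1
    fi
    count=$(printf '%s\n' "$entries" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        # Appending with >> more than once leaves several entries behind.
        echo "$count pinentry-program lines in $conf, keep only one:"
        printf '%s\n' "$entries"
        return 3
    fi
    if [ ! -f "$entries" ] || [ ! -x "$entries" ]; then
        echo "configured pinentry is missing or not executable: $entries"
        echo "compare with the output of: which pinentry-mac"
        return 2
    fi
    echo "ok: $entries"
    return 0
}

# Constructed demo input: a config that points at a path that does not exist.
demo=$(mktemp "${TMPDIR:-/tmp}/gpg-agent.conf.XXXXXX")
printf 'pinentry-program /nonexistent/bin/pinentry-mac\n' > "$demo"
check_pinentry_conf "$demo" || echo "exit status: $?"
rm -f "$demo"
```

Called with no argument, the function checks ~/.gnupg/gpg-agent.conf; after correcting the path, run gpgconf --kill gpg-agent so the agent rereads the file.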
28

In my case, I already had pinentry-mac installed previously, but something about it wasn't quite right. I was able to run brew upgrade pinentry-mac and get it all working again. (If there's no new version, uninstalling and reinstalling via brew might do it.)

11

For Macs with a fingerprint sensor, there is an even better tool, called pinentry-touchid.

How to install:

brew tap jorgelbg/tap
brew install pinentry-touchid

How to set up gpg:

echo pinentry-program $(which pinentry-touchid) >> ~/.gnupg/gpg-agent.conf

To verify the config, you should see something like this:

cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /opt/homebrew/bin/pinentry-touchid

5422m4n
3

For anyone who gets this, I was able to resolve this error when trying to create a GPG key on macOS (Intel chip) by following the instructions here.

gpg --full-gen-key --pinentry-mode loopback 

The '--pinentry-mode loopback' option is used to bypass the need for pinentry. See further details here.

duoarc