Hi,
I'm running Arch Linux and I'm having trouble running standard gpg commands as root, which I don't think I ever encountered on other distros such as CentOS 6.
Code:
[root@archlinux ~]# uname -a
Linux archlinux 4.9.6-1-ARCH #1 SMP PREEMPT Thu Jan 26 09:22:26 CET 2017 x86_64 GNU/Linux
[root@archlinux ~]# pacman -Qi gnupg
Name : gnupg
Version : 2.1.18-1
Description : Complete and free implementation of the OpenPGP standard
Architecture : x86_64
URL : http://www.gnupg.org/
Licenses : GPL
Groups : None
Provides : dirmngr gnupg2=2.1.18
Depends On : npth libgpg-error libgcrypt libksba libassuan pinentry bzip2 readline gnutls sqlite
Optional Deps : libldap: gpg2keys_ldap [installed]
libusb-compat: scdaemon [installed]
Required By : gpgme
Optional For : None
Conflicts With : dirmngr gnupg2
Replaces : dirmngr gnupg2
Installed Size : 9.02 MiB
Packager : Gaetan Bisson <bisson@archlinux.org>
Build Date : Tuesday, 24 January, 2017 08:00:29 AM PHT
Install Date : Friday, 27 January, 2017 09:58:17 AM PHT
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signature
[root@archlinux ~]#
To be exact, I'm having trouble running a simple sign:
Code:
[root@archlinux ~]# gpg --armor --output message.signed --sign message
gpg: signing failed: Permission denied
gpg: signing failed: Permission denied
[root@archlinux ~]#
Again, this appears only when I'm logged in as root.
I believe this thing called pinentry is the one causing the Permission denied error but I can't find anything in the logs. I followed Arch's wiki and created a gpg-agent.conf file, but the error persists.
Code:
[root@archlinux ~]# cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 999999
pinentry-program /usr/bin/pinentry-gtk-2
[root@archlinux ~]# ls -l ~/.gnupg
total 36
drwx------ 2 root root 4096 Dec 31 03:20 crls.d
-rw------- 1 root root 79 Feb 4 16:51 gpg-agent.conf
drwx------ 2 root root 4096 Feb 4 16:54 private-keys-v1.d
-rw-r----- 1 root root 8886 Feb 4 17:23 pubring.kbx
-rw-r----- 1 root root 2810 Feb 4 16:34 pubring.kbx~
-rw------- 1 root root 600 Feb 4 16:57 random_seed
srwx------ 1 root root 0 Feb 4 17:22 S.dirmngr
srwx------ 1 root root 0 Feb 4 17:53 S.gpg-agent
srwx------ 1 root root 0 Feb 4 17:48 S.gpg-agent.browser
srwx------ 1 root root 0 Feb 4 17:48 S.gpg-agent.extra
srwx------ 1 root root 0 Feb 4 17:48 S.gpg-agent.ssh
-rw------- 1 root root 1400 Feb 4 17:24 trustdb.gpg
[root@archlinux ~]#
Another issue I ran into a while ago was when importing a secret key file:
Code:
[root@archlinux restricted]# gpg --allow-secret-key-import --import draxler.asc
gpg: key xx: "D <D.x@x.x> not changed
gpg: key xx/xxx: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
[root@archlinux restricted]#
...but I got around it by using --batch, which resulted in a locked private key and a prompt when I tested using it.
Any ideas on all of these? I want to know what I am missing, and I'm also interested in deleting gpg-agent altogether, but I can't because the Arch wiki says "gpg-agent is mostly used as daemon to request and cache the password for the keychain. This is useful if GnuPG is used from an external program like a mail client." and I am using Enigmail.
Thanks.