redhat 6 gpg2 none gui encryption

Xris718 · 06-05-2012, 11:54 AM

Hi

I seem to have a problem encrypting a simple text file using gpg2 on rhel6. It seems I am unable to do a simple --symmetric encryption in a none gui way where only a passphrase is required to encrypt/decrypt. It used to work on rhel5 but doesn't work on rhel6. Example below:

[root@server1 ~]# ls -l `which gpg`
lrwxrwxrwx. 1 root root 4 Feb 2 09:20 /usr/bin/gpg -> gpg2

[root@server1 ~]# gpg -c junk
can't connect to `/root/.gnupg/S.gpg-agent': Connection refused
xprop: unable to open display 'localhost:10.0'
pinentry-qt: cannot connect to X server localhost:10.0
gpg-agent[30680]: can't connect server: ec=4.16383
gpg-agent[30680]: can't connect to the PIN entry module: End of file
gpg-agent[30680]: command get_passphrase failed: No pinentry
gpg: problem with the agent: No pinentry
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `junk' failed: Operation cancelled

[root@server1 ~]# ps -ef|grep gpg-agent
root 20911 1 0 Jun04 ? 00:00:00 gpg-agent --daemon
root 30687 30311 0 12:52 pts/0 00:00:00 grep gpg-agent

It looks like its trying to launch a GUI to enter a passphrase but I dont want that. I want to enter it at the command prompt. Anyone seen this behavior before? Any resolution?

chrism01 · 06-14-2012, 09:13 PM

Have a read of this https://bugzilla.redhat.com/show_bug.cgi?id=574406, but in short it looks like there should be 2 versions; gpg2 that expects a GUI and the old gpg.
See also the man page that mentions this; http://linux.die.net/man/1/gpg

It looks like null-ing env vars like DISPLAY may help..

I've had a quick look at RHEL6 repo and can only find gpg2 ...
Best if you phone RH and ask I reckon (after having read the bugzilla for background info) & please(!) post the soln.

I'm sure there's lots of us who would like to know.

Xris718 · 06-15-2012, 10:56 AM

Actually this is the solution which I found to work for me.

On RedHat-6 only

# yum install pinentry-gt
# vi /usr/bin/pinentry

Add below 3 lines to beginning of /usr/bin/pinentry file:

export PINENTRY_BINARY="/usr/bin/pinentry-curses"
exec $PINENTRY_BINARY "$@"
exit 1

Hope this helps.