gpg: decryption failed: No secret key

[altrugon]

Here are the details about my environment:

• OS X 10.11.4
• passwordstore 1.6.5 (homebrew installation)
• QtPass 1.1.1 (dmg installation)
• QtPass > Config > Programs: "Use pass" || /usr/local/bin/pass

I have noticed that when I open QtPass and I try to get a password I received the following error:

gpg: decryption failed: No secret key

However, if I go to the console and copy a password and properly insert my master password, then I can re-open QtPass and all my password are accessible, not only that but it doesn't ask me for a master password anymore.

Can somebody help me to solve this? It would be nice if I just insert my master password on QtPass when I open the program or when I try to access to a password, and not have to go to the console for this.

Thank you.

[annejan]

What version of gpg are you using?

On OSX currently we can only support the GPG-tools version unfortunately. Since the other versions don't support graphical passphrase or pinentry on OSX.
Wrapping the passphrase or pinentry of the non-graphical "pinentry" part of GPG is considered a security problem.

[annejan]

The not asking password later on is caused by the gpg-agent keeping the session open.
This is usually for a set time only.

[altrugon]

I installed my gpg agent by running brew install homebrew/versions/gnupg21, here are some output form my terminal

~$ ls -l /usr/local/bin/gpg
lrwxr-xr-x  1 altrugon  admin  30 18 May 14:50 /usr/local/bin/gpg -> ../Cellar/gnupg/1.4.20/bin/gpg
~$ ls -l /usr/local/bin/gpg2
lrwxr-xr-x  1 altrugon  admin  33 18 May 15:07 /usr/local/bin/gpg2 -> ../Cellar/gnupg21/2.1.11/bin/gpg2

And also unde QtPass > Config > Progrmas, the unselected "Native git/gpg" option is pointing to /usr/local/bin/gpg2

[annejan]

Unfortunately the homebrew version doesn't have a graphical passphrase or pinentry option as far as I know.
Will try if there is a way to get that in, since I would love to not being dependent on use of the GPGtools.org version.

[altrugon]

Ok, thank you for your reply.

Would you mind to give me some details instructions of how to re-installed it then. I'm just starting to use password storage and QtPass, so I don't mind to throw to the garbage all that I have so far.

Thanks.

[annejan]

The only tested GPG version is https://gpgtools.org/
Installing the DMG from there should work, it should automatically be able to import your existing private key etc.

It should just cooperate with the homebrew one as-well . . but it has a graphical pinentry set-up.

Please let me know if that works . .

[altrugon]

No luck. Right after installed it I changed the Config/Program/gpg /Applications/GPG Keychain.app and tried to open one of the already created entries and got:

Import Failed!

It seems you are trying to import an encrypted or signed message. To decrypt or verify such messages please use GPGServices.

I assumed that it was because it was created with gpg2 so I deleted everything and tried to create a new one. The process went ok, and after I hit "generate" for the password and save it, GPG Keychain automatically opened and there is nothing obvious to do over there, the only thing I see is 2 listed keys (mine and gpgtools team).

I still confused how passwordstorage and qtpass are going to work together if qtpass use gpg and passwordstorage is using gpg2.

[annejan]

GPG is just an algorithm.
You can import keys across implementations, even across devices.

Passwordstore and QtPass both use gpg2.

Opening the entries with the Keychain app is not going to work.
The keychain app is just for managing your secret key(s) and other peoples public keys.

GPG is a miraculous ecosystem and unfortunately not very easy to get into.

[altrugon]

Hehe... my fault then. I did set /usr/local/bin/gpg2 back and now I got the prompt for the master key.

Thank you so much for your support Annejan.

[annejan]

Awesome, feel free to participate in any of the other issues or open another one if you have any issues.
This helps me to think more about documentation :)