SSH, Error: Failed to decrypt

[fosspill]

Hello!
I seem to be having issues decrypting my passwords over ssh:

oleerik@glare ~ $ gopass dev/github/password

Error: Failed to decrypt

However, after doing this:

oleerik@glare ~ $ gpg --decrypt .password-store/dev/github/password.gpg
gpg: encrypted with 4096-bit RSA key, ID X, created 2017-02-21
      "x <x>"
My github password

It works with gopass again until timeout, I believe:

oleerik@glare ~ $ gopass dev/github/password
My github password

I'm guessing it fails at starting the terminal based pinentry window? Any known reason for this?

Version info: gopass HEAD (n/a ) go1.8.3
Linux

[jamesboswell]

See my comment on #209 I think your GPG install is unlinked (Homebrew issues)

[fosspill]

Hm, this is on Linux and installed through "go get". Could still be related, though?
I can also say that my partner experience the same issue. Again, this is only through SSH.

And:

oleerik@glare ~ $ which gpg2
/usr/bin/gpg2
oleerik@glare ~ $ which gpg
/usr/bin/gpg

[vesparny]

In my case gpg2 is correctly linked

$ which gpg2 
/usr/local/bin/gpg2

but the terminal based pinentry window does not show up

[arthur-c]

Same issue, no prompt and "failed to decrypt". Everything is fine with the decrypt command showed in debug mode and I've got the prompt.
gopass works well when the private key is unlocked.

No issue on my linux installation (fedora 26), I only have the issue with mac os x.

[glycerine102]

No issue on my linux installation (fedora 26), I only have the issue with mac os x.

I had the opposite problem. Using Fedora 26 KDE, gopass would only decrypt when the private key was unlocked but it was fine with macOS. I would just receive, "Failed to decrypt" and no pinentry (curses) prompt would display.

Installing and switching to pinentry-qt worked for me. I correctly receive the prompt and the key is unlocked. That leads me to believe (along with the OP) that gopass has issues with pinentry-curses.

[arthur-c]

@nathandorsey good call ! pinentry-qt is my default pinentry on my fedora. I switched to pinentry-mac on the Mac and it's now ok.

cat ~/.gnupg/gpg-agent.conf
pinentry-program /usr/local/bin/pinentry-mac

Forcing pinentry-curse in the gpg conf does not help. (pass is working with pinentry-curse)

[SimonTeixidor]

I did some debugging using strace -f. It seems like pinentry-curses complains about not having a real TTY when called by gopass. In any case, adding the following line to ~/.bashrc solves it for me:

export GPG_TTY=$(tty)

[fosspill]

Can confirm that @simonpersson's workaround works well.

[niklas88]

When using the xc backend this problem still persists as export GPG_TTY=$(tty) doesn't seem to affect pinentry but only the gpg binary

[Knappek]

An easier solution is to install gpgtools with brew install gpg-suite. Gopass will then ask for the passphrase.