GPG Key Generation fails with "Key generation failed: No pinentry"

Solution Verified

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9

Issue

  • When trying to generate a key with the command gpg --gen-key, the following error is returned:

    gpg: problem with the agent: No pinentry
    gpg: Key generation canceled.

    or

    Key generation failed: No pinentry

Resolution

The pinentry RPM is not installed

  • Install the pinentry RPM

    # yum install pinentry
    # pkill gpg-agent
    

Note that gpg-agent will need to be killed and restarted for each user using it.

The GPG configuration indicates a non-standard path

  • Manually modify the applicable configuration file to indicate the correct path, or use something like the following to comment out the configuration option:

    # gpgconf --list-dirs homedir \
        | awk -F: '{print $NF}' \
        | xargs -I {} find {} -name gpg-agent.conf -exec \
        sed -i 's/^\(pinentry.*\)/#\1/' {}/gpg-agent.conf \; 2>/dev/null
    # pkill gpg-agent
    

As above, gpg-agent will need to be killed and restarted for each user using it.

Root Cause

The default gpg configuration references the pinentry program, but the program requires manual installation because it is not necessary for the majority of user operations, or it is otherwise inaccessible at the time.

Diagnostic Steps

  • Verify that the pinentry package is installed:

    # rpm -q pinentry >/dev/null && echo Present || echo Not Present
    

    Expected Output:

    # rpm -q pinentry >/dev/null && echo Present || echo Not Present
    Present
    

    If "Not Present" is returned, follow the steps in "The pinentry RPM is not installed".

  • Verify the gpg pinentry configuration indicates the default /usr/bin/pinentry path:

    # gpgconf --list-dirs homedir \
        | awk -F: '{print $NF}' \
        | xargs -I {} find {} -name gpg-agent.conf -exec \
        grep "^pinentry-program" {}/gpg-agent.conf \; 2>/dev/null
    

    Expected Output - None or:

    # gpgconf --list-dirs homedir \
        | awk -F: '{print $NF}' \
        | xargs -I {} find {} -name gpg-agent.conf -exec \
        grep "^pinentry-program" {}/gpg-agent.conf \; 2>/dev/null
    pinentry-program /usr/bin/pinentry
    

    If any other path is seen in this output, then follow the steps in "The GPG configuration indicates a non-standard path".
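
Both diagnostic checks above can be combined into one classification of a gpg-agent.conf file. The following is an added example, not part of the original solution: the function name check_pinentry_conf and the sample files are constructed for illustration, and it assumes that a later pinentry-program line overrides an earlier one.

```shell
#!/bin/bash
# Added example: classify the pinentry-program setting in a gpg-agent.conf.
# DEFAULT_PINENTRY is the default path named in the article; the function
# name and the sample files below are constructed for this illustration.
DEFAULT_PINENTRY=/usr/bin/pinentry

# Prints one of:
#   unset               no active pinentry-program line (built-in default used)
#   default             option points at /usr/bin/pinentry
#   missing:<path>      non-standard path that is not an executable file
#   nonstandard:<path>  non-standard path that exists and is executable
check_pinentry_conf() {
    local conf=$1 path
    [ -r "$conf" ] || { echo unset; return 0; }
    # Take the last uncommented pinentry-program line
    # (assumption: a later line overrides an earlier one).
    path=$(awk '$1 == "pinentry-program" {
                    sub(/^[ \t]*pinentry-program[ \t]+/, ""); p = $0
                }
                END { print p }' "$conf")
    if [ -z "$path" ]; then
        echo unset
    elif [ "$path" = "$DEFAULT_PINENTRY" ]; then
        echo default
    elif [ -f "$path" ] && [ -x "$path" ]; then
        echo "nonstandard:$path"
    else
        echo "missing:$path"
    fi
}

# Constructed sample configurations in a scratch directory.
demo=$(mktemp -d)
printf '#pinentry-program /opt/old/pinentry\ndefault-cache-ttl 600\n' > "$demo/commented.conf"
printf 'pinentry-program /usr/bin/pinentry\n' > "$demo/default.conf"
printf 'pinentry-program %s/no-such-pinentry\n' "$demo" > "$demo/missing.conf"
# /bin/sh stands in for "some other executable" only because it exists everywhere.
printf 'pinentry-program /bin/sh\n' > "$demo/custom.conf"

for f in commented default missing custom; do
    printf '%-10s %s\n' "$f" "$(check_pinentry_conf "$demo/$f.conf")"
done
```

A "missing:" result reproduces the "No pinentry" failure described in this solution, while a "nonstandard:" result identifies the program that will receive the passphrase and should be confirmed as the intended pinentry.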
