Python gnupg: "No Pinentry" 删除密钥时出错
Python gnupg: "No Pinentry" error during key deletion
我正在构建一个 python3 应用程序,它生成一个 GPG 密钥,要求输入密码和 de/encrypts 文件。我想,每次启动应用程序都需要输入正确的密码。
目前看来,gpg-agent 在应用程序关闭后仍然持有密码。重新启动应用程序不需要正确的密码来解密数据。
所以我想到了将密钥(public 和私有)导出到 ASCII 装甲文件中,在开始时导入它并在应用程序关闭时再次从密钥环中删除密钥。当我尝试删除密钥(首先是私钥,如 documentation 中所述)并显示结果对象的标准错误时,它显示 "No Pinentry" 错误。
我写了一个简短的测试程序:
import gnupg
gpg = gnupg.GPG(gnupghome="testhome")
input_data=gpg.gen_key_input(name_email="vault@mydomain.com", key_type="DSA", subkey_type="RSA",passphrase="Test")
key = gpg.gen_key(input_data)
if not gpg.list_keys():
print(key.stderr)
exit()
status=gpg.delete_keys(gpg.list_keys(True)[0]['fingerprint'],secret=True, passphrase="Test")
print(status.stderr)
最后的打印语句显示:
gpg: Hinweis: Keine voreingestellte Optionendatei '...testhome/gpg.conf' vorhanden
gpg: enabled debug flags: ipc
gpg: DBG: chan_5 <- OK Pleased to meet you, process 2103
gpg: DBG: connection to agent established
gpg: DBG: chan_5 -> RESET
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION display=:0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION xauthority=/run/user/1000/gdm/Xauthority
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=XMODIFIERS=@im=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=GTK_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=QT_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> GETINFO version
gpg: DBG: chan_5 <- D 2.2.4
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
[GNUPG:] KEY_CONSIDERED 12E6713D592E3FA210EE05E9558B0205D1894962 0
gpg: DBG: chan_5 -> SETKEYDESC Möchten+Sie+den+ausgewählten+geheimen+OpenPGP+Schlüssel+wirklich+dauerhaft+entfernen?+(j/N)%0A%22Autogenerated+Key+<vault@mydomain.com>%22%0A2048-Bit+DSA+Schlüssel,+ID+558B0205D1894962,%0Aerzeugt+2019-07-03.%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- ERR 67108949 Kein Pinentry <GPG Agent>
gpg: Fehler beim Löschen des privaten Schlüssels: Kein Pinentry
gpg: DBG: chan_5 -> HAVEKEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> SETKEYDESC Möchten+Sie+den+ausgewählten+geheimen+OpenPGP+Unterschlüssel+wirklich+dauerhaft+entfernen?+(j/N)%0A%22Autogenerated+Key+<vault@mydomain.com>%22%0A3072-Bit+RSA+Schlüssel,+ID+42CA4781026C931E,%0Aerzeugt+2019-07-03+(Hauptschlüssel-ID+558B0205D1894962).%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- ERR 67108949 Kein Pinentry <GPG Agent>
gpg: Fehler beim Löschen des privaten Unterschlüssels: Kein Pinentry
gpg: 12E6713D592E3FA210EE05E9558B0205D1894962: delete key failed: Kein Pinentry
gpg: secmem usage: 224/65536 bytes in 1 blocks
由于错误信息包含德语,我会尝试正确翻译这些段落:
gpg: Notice: No preset options file '...testhome/gpg.conf' found
gpg: enabled debug flags: ipc
gpg: DBG: chan_5 <- OK Pleased to meet you, process 2103
gpg: DBG: connection to agent established
gpg: DBG: chan_5 -> RESET
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION display=:0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION xauthority=/run/user/1000/gdm/Xauthority
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=XMODIFIERS=@im=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=GTK_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=QT_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> GETINFO version
gpg: DBG: chan_5 <- D 2.2.4
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
[GNUPG:] KEY_CONSIDERED 12E6713D592E3FA210EE05E9558B0205D1894962 0
gpg: DBG: chan_5 -> SETKEYDESC
Do you really want to delete the private OpenPGP subkey permanently? (y/N) Autogenerated+Key+<vault@mydomain.com>%22%0A2048-Bit+DSA+Key,+ID+558B0205D1894962,generated+2019-07-03.%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- ERR 67108949 No Pinentry <GPG Agent>
gpg: Error during deletion of the private key: No Pinentry
gpg: DBG: chan_5 -> HAVEKEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> SETKEYDESC
Do you really want to delete the private OpenPGP subkey permanently? (y/N) Autogenerated+Key+<vault@mydomain.com>%22%0A3072-Bit+RSA+Key,+ID+42CA4781026C931E,generated+2019-07-03+(Main Key-ID+558B0205D1894962).%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- ERR 67108949 No Pinentry <GPG Agent>
gpg: Error during deletion of the private subkey: No Pinentry
gpg: 12E6713D592E3FA210EE05E9558B0205D1894962: delete key failed: No Pinentry
gpg: secmem usage: 224/65536 bytes in 1 blocks
我是运行Ubuntu18.04,python3.6.7,gnupg版本2.2.4(如图gpg.version)
我现在解决了这个问题。
删除密钥时,GPG 会尝试调用 pinentry,这将显示图形确认对话框。由于此处 GPG 是从 python 脚本调用的,它似乎不知道任何图形桌面,它可以在其中显示此对话框,因此它给出了一个错误(至少这是我对问题的解释).
这可以通过告诉 GPG 对象为所有 gpg 命令提供选项 --yes 来解决。这将停用确认对话框。所以我只是将GPG对象的定义行改为
gpg = gnupg.GPG(gnupghome="testhome",options=['--yes'])
现在删除密钥没有错误。
我正在构建一个 python3 应用程序,它生成一个 GPG 密钥,要求输入密码和 de/encrypts 文件。我想,每次启动应用程序都需要输入正确的密码。
目前看来,gpg-agent 在应用程序关闭后仍然持有密码。重新启动应用程序不需要正确的密码来解密数据。
所以我想到了将密钥(public 和私有)导出到 ASCII 装甲文件中,在开始时导入它并在应用程序关闭时再次从密钥环中删除密钥。当我尝试删除密钥(首先是私钥,如 documentation 中所述)并显示结果对象的标准错误时,它显示 "No Pinentry" 错误。
我写了一个简短的测试程序:
import gnupg
gpg = gnupg.GPG(gnupghome="testhome")
input_data=gpg.gen_key_input(name_email="vault@mydomain.com", key_type="DSA", subkey_type="RSA",passphrase="Test")
key = gpg.gen_key(input_data)
if not gpg.list_keys():
print(key.stderr)
exit()
status=gpg.delete_keys(gpg.list_keys(True)[0]['fingerprint'],secret=True, passphrase="Test")
print(status.stderr)
最后的打印语句显示:
gpg: Hinweis: Keine voreingestellte Optionendatei '...testhome/gpg.conf' vorhanden
gpg: enabled debug flags: ipc
gpg: DBG: chan_5 <- OK Pleased to meet you, process 2103
gpg: DBG: connection to agent established
gpg: DBG: chan_5 -> RESET
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION display=:0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION xauthority=/run/user/1000/gdm/Xauthority
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=XMODIFIERS=@im=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=GTK_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=QT_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> GETINFO version
gpg: DBG: chan_5 <- D 2.2.4
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
[GNUPG:] KEY_CONSIDERED 12E6713D592E3FA210EE05E9558B0205D1894962 0
gpg: DBG: chan_5 -> SETKEYDESC Möchten+Sie+den+ausgewählten+geheimen+OpenPGP+Schlüssel+wirklich+dauerhaft+entfernen?+(j/N)%0A%22Autogenerated+Key+<vault@mydomain.com>%22%0A2048-Bit+DSA+Schlüssel,+ID+558B0205D1894962,%0Aerzeugt+2019-07-03.%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- ERR 67108949 Kein Pinentry <GPG Agent>
gpg: Fehler beim Löschen des privaten Schlüssels: Kein Pinentry
gpg: DBG: chan_5 -> HAVEKEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> SETKEYDESC Möchten+Sie+den+ausgewählten+geheimen+OpenPGP+Unterschlüssel+wirklich+dauerhaft+entfernen?+(j/N)%0A%22Autogenerated+Key+<vault@mydomain.com>%22%0A3072-Bit+RSA+Schlüssel,+ID+42CA4781026C931E,%0Aerzeugt+2019-07-03+(Hauptschlüssel-ID+558B0205D1894962).%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- ERR 67108949 Kein Pinentry <GPG Agent>
gpg: Fehler beim Löschen des privaten Unterschlüssels: Kein Pinentry
gpg: 12E6713D592E3FA210EE05E9558B0205D1894962: delete key failed: Kein Pinentry
gpg: secmem usage: 224/65536 bytes in 1 blocks
由于错误信息包含德语,我会尝试正确翻译这些段落:
gpg: Notice: No preset options file '...testhome/gpg.conf' found
gpg: enabled debug flags: ipc
gpg: DBG: chan_5 <- OK Pleased to meet you, process 2103
gpg: DBG: connection to agent established
gpg: DBG: chan_5 -> RESET
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION display=:0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION xauthority=/run/user/1000/gdm/Xauthority
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=XMODIFIERS=@im=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=GTK_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION putenv=QT_IM_MODULE=ibus
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> GETINFO version
gpg: DBG: chan_5 <- D 2.2.4
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION allow-pinentry-notify
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> OPTION pinentry-mode=loopback
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> HAVEKEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- OK
[GNUPG:] KEY_CONSIDERED 12E6713D592E3FA210EE05E9558B0205D1894962 0
gpg: DBG: chan_5 -> SETKEYDESC
Do you really want to delete the private OpenPGP subkey permanently? (y/N) Autogenerated+Key+<vault@mydomain.com>%22%0A2048-Bit+DSA+Key,+ID+558B0205D1894962,generated+2019-07-03.%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY A50FB634D9E33FEE1D9B8861A563F4C53BC20CD1
gpg: DBG: chan_5 <- ERR 67108949 No Pinentry <GPG Agent>
gpg: Error during deletion of the private key: No Pinentry
gpg: DBG: chan_5 -> HAVEKEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> SETKEYDESC
Do you really want to delete the private OpenPGP subkey permanently? (y/N) Autogenerated+Key+<vault@mydomain.com>%22%0A3072-Bit+RSA+Key,+ID+42CA4781026C931E,generated+2019-07-03+(Main Key-ID+558B0205D1894962).%0A?
gpg: DBG: chan_5 <- OK
gpg: DBG: chan_5 -> DELETE_KEY 489F5816348DA3C7D2540D5748CD0AC1E4ACA459
gpg: DBG: chan_5 <- ERR 67108949 No Pinentry <GPG Agent>
gpg: Error during deletion of the private subkey: No Pinentry
gpg: 12E6713D592E3FA210EE05E9558B0205D1894962: delete key failed: No Pinentry
gpg: secmem usage: 224/65536 bytes in 1 blocks
我是运行Ubuntu18.04,python3.6.7,gnupg版本2.2.4(如图gpg.version)
我现在解决了这个问题。
删除密钥时,GPG 会尝试调用 pinentry,这将显示图形确认对话框。由于此处 GPG 是从 python 脚本调用的,它似乎不知道任何图形桌面,它可以在其中显示此对话框,因此它给出了一个错误(至少这是我对问题的解释).
这可以通过告诉 GPG 对象为所有 gpg 命令提供选项 --yes 来解决。这将停用确认对话框。所以我只是将GPG对象的定义行改为
gpg = gnupg.GPG(gnupghome="testhome",options=['--yes'])
现在删除密钥没有错误。