Updated after 3 week vacation. gnupg says "no pinentry"

Like the title says, I upgraded my nixos-unstable after 3 weeks and now gpg -d foo.gpg tells me:

gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key

Did anything change with regards to gpg or pinentry?

pinentry has been disabled by default. The commit includes a release note saying

GnuPG is now built without support for a graphical passphrase entry by default. Please enable the gpg-agent user service via the NixOS option programs.gnupg.agent.enable. Note that upstream recommends using gpg-agent and will spawn a gpg-agent on the first invocation of GnuPG anyway.

3 Likes

@lilyball Yep, thanks, that worked perfectly!

This doesn’t change anything for me, despite of programs.gnupg.agent.enables value, I get the pinentry error.

this worked after reboot

1 Like

Just installed nixos and for me it has never worked.
The problem appears to be that no matter what I say in configuration.nix, the gpg-agent ignores my ~/.gnupg/gnupg-agent.conf and only looks for the pinentry in the same store path where gpg itself resides.

Which renders me completely unable to get any prompt (no matter whether it’s graphical or tty).

A workaround was to disable gpg-agent system wide and manually start the agent with everything user-installed (i.e. pinentry and gnupg)