# Fixing gpg-agent, app-crypt/pinentry, newpg, "conn refused"

## jago25_98

Ok, if you're wondering what on earth happened to newpg and gpg-agent, or what the setup is now, read on.

You can thank moritz from irc.freenode.net #gnupg for this info.

Ok, first up is that

- gpg-agent is used to save you having to type your password in every time you want to encode something. Passwords are held in memory. Insecure in some ways but convenient, thus you're more likely to use it.

- newpg, which originally provided gpg-agent, is not to be used. It's old and defunct. Steer clear. It has been removed from portage.

- gpg-agent is now being included with gnupg. gpg-agent is part of a set of extra tools for gpg called aegypten.

At the time of writing, the current stable gnupg release in portage DOESN'T include gpg-agent. You need to emerge an unstable release. I merged in version 1.9.10. (So you shouldn't have to mess with CVS versions like I initially did, or do tarballs by hand.)

Also, there's another program involved:

```
app-crypt/pinentry
```

It provides 3 methods of inputting your password across to gpg-agent:

pinentry-curses, pinentry-qt & pinentry-curses, pinentry-gtk. Hopefully gpg-agent is a dependency of this, so it should pull it in for you (I'm not sure, as I unknowingly did things by hand at first).

Unfortunately gpg seems to possibly be set up wrong by default so you need to specify the pinentry binary. I do this by putting:

```
echo "pinentry-program /usr/bin/pinentry-gtk" >> ~/.gnupg/gpg-agent.conf 
```

I noticed I didn't have a gpg-agent.conf file. 

You then need to put:

```
eval `gpg-agent --daemon`
```

in your login file (~/.bashrc).

Bear in mind that sometimes if you start gpg-agent in one xterm, you need to run gpg from a child process of that xterm, or in the same xterm. A good way of doing this is to put eval `gpg-agent --daemon` in your login file.

If there are any errors in this advice, let me know and I'll edit ASAP.

Finally here are some error messages you may have encountered:

```
gpg-agent[11037]: DBG: ... miss
gpg-agent[11037]: starting a new PIN Entry
gpg-agentgpg-agent[11037]: can't connect to the PIN entry module: connect failed
gpg-agent[11037]: command get_passphrase failed: No pinentry
gpg-agent[11037.0x80752a0] DBG: -> ERR 67108949 No pinentry <GPG Agent>
gpg: problem with the agent - disabling agent use
Enter passphrase: gpg-agent[11037.0x80752a0] DBG: <- [EOF]
gpg-agent[11037]: handler for fd 0 terminated
```

```
gpg: can't connect to `/tmp/gpg-b05wla/S.gpg-agent': Connection refused
```

These error messages relate to gpg-agent not finding the pinentry binary.

 *Quote:*   

> 
> 
> <marcus> gpg-agent uses a sucky default path for pinentry
> 
> <marcus> in my opinion, a long outstanding bug, but werner might disagree 
> ...

 

----------

## jago25_98

Another bug: You need a newer version of libgcrypt, which is also masked. You might not notice this until you try to generate a new key.

Essentially this means gpg-agent is masked.

 *Quote:*   

> > I saw the thread of Thorsten Hirsch about the assertion error with gnupg version 1.9.10, and I have found that here gpg is failing at the same assertion error while generating a new key
> ...

 

Oh no, it gets worse...

```
[GNUPG:] GOOD_PASSPHRASE
gpg: Ohhhh jeeee: ... this is a bug (keygen.c:1699:do_create)
```

^ the fix for this is to move ~/.gnupg and keep trying

----------

## taskara

When I run $GPG_AGENT_INFO I get the following:

```
chris@sparticus ~ $ $GPG_AGENT_INFO
bash: /tmp/gpg-XXp0EE/S.gpg-agent:12458:1: No such file or directory
```

Is that normal? gpg-agent and pinentry-qt are definitely working :)

Also, FYI, this is my entry in bashrc:

```
if ! test "$GPG_AGENT_INFO"; then
        eval "$(gpg-agent --daemon)"
fi
```

cheers
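
An added example, not part of the original thread: a shell check for the setup discussed above, covering the `pinentry-program` line from the first post and the `socket:pid:protocol` layout of `GPG_AGENT_INFO` visible in the output quoted here. The function names are hypothetical, and treating the last `pinentry-program` line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Usage after sourcing this file:
#   check_pinentry "$HOME/.gnupg/gpg-agent.conf"
#   check_agent_info "$GPG_AGENT_INFO"

# Print the pinentry-program path from a gpg-agent.conf.
# Assumption: when the line was appended more than once, the last one counts.
pinentry_from_conf() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*pinentry-program[ \t]+/ {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); sub(/[ \t]+$/, ""); p = $0
         }
         END { if (p == "") exit 1; print p }' "$1"
}

# Return 0 if the configured pinentry exists and is executable.
check_pinentry() {
    prog=$(pinentry_from_conf "$1") || {
        echo "no pinentry-program line in $1"; return 1; }
    [ -x "$prog" ] || {
        echo "$prog is missing or not executable (agent reports 'No pinentry')"
        return 2; }
    echo "pinentry ok: $prog"
}

# Validate a GPG_AGENT_INFO value of the form socket-path:pid:protocol.
check_agent_info() {
    info=$1
    [ -n "$info" ] || { echo "GPG_AGENT_INFO is empty in this shell"; return 1; }
    proto=${info##*:}; rest=${info%:*}   # split from the right
    pid=${rest##*:};   sock=${rest%:*}
    case $pid in
        ''|*[!0-9]*) echo "malformed GPG_AGENT_INFO: $info"; return 2 ;;
    esac
    [ -S "$sock" ] || { echo "no socket at $sock"; return 3; }
    # kill -0 only tests for existence; it also fails for another user's pid.
    kill -0 "$pid" 2>/dev/null || {
        echo "stale value: pid $pid not running (expect 'Connection refused')"
        return 4; }
    echo "agent ok: pid $pid, socket $sock, protocol $proto"
}
```

The variable holds a value, not a command, so inspect it with `echo "$GPG_AGENT_INFO"` or pass it to `check_agent_info` rather than running it.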

----------

## taskara

 *jago25_98 wrote:*   

> 
> 
> ```
> 
> [GNUPG:] GOOD_PASSPHRASE
> ...

 

Hmm... yes, I get this too ;) Is there a better fix so I don't have to move .gnupg and set things up again?

And I can't search or create..

```
chris@josiah ~ $ gpg --search blah@blah.com
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no keyserver known (use option --keyserver)
gpg: keyserver search failed: Syntax error in URI
```

```
chris@josiah ~ $ gpg --search --keyserver subkeys.pgp.net blah@blah.com
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: unable to execute program "gpgkeys_hkp": No such file or directory
gpg: no handler for keyserver scheme "hkp"
gpg: keyserver search failed: Keyserver error
```

-c

----------

## niknik

For some obscure reason the gpg-agent is disabled in the newest gnupg ebuild, and I don't know how to enable it :( Any ideas?

Nik

----------

## Clou

 *niknik wrote:*   

> For some obscure reason the gpg-agent is disabled in the newest gnupg ebuild, and I don't know how to enable it. Any ideas?

 

I think gpg-agent got separated into

app-crypt/gpg-agent

HTH

Thorsten

----------

## genterminl

But gpg-agent is still masked ~x86, even though it is suggested in the GnuPG Gentoo user guide (http://www.gentoo.org/doc/en/gnupg-user.xml). I really hate to use development versions of things without a better idea of how stable they are or are not. I'm glad to go bleeding edge, but I like to know how much first-aid I'm likely to need.

----------

## BlackEye

 *taskara wrote:*   

> 
> 
> ```
> chris@josiah ~ $ gpg --search blah@blah.com
> 
> ...

 

Since the gpgkeys_* commands aren't in the newer gnupg package, you should try the gnupg-1.4.1 version, which contains these commands.

----------

