
No touchid prompt

Open Gby56 opened this issue 2 years ago • 16 comments

Hi,

I've been able to configure pinentry-mac to work and store the key's passphrase in the keychain, no issue whatsoever.

But once I switch my ~/.gnupg/gpg-agent.conf to

default-cache-ttl 1
max-cache-ttl 1
#pinentry-program /usr/local/bin/pinentry-mac
pinentry-program /usr/local/bin/pinentry-touchid

It never brings the touchID prompt. I have looked into allowing pinentry-touchid in the access control of the keychain entry as mentioned.

image to add /usr/local/bin/pinentry-touchid


But this doesn't work either, my git debug output tells me:

15:17:57.787749 run-command.c:668       trace: run_command: /usr/local/bin/gpg --status-fd=2 -bsau xxxxxx
error: gpg failed to sign the data

And if I retry this command in another terminal, it hangs infinitely.

[GNUPG:] KEY_CONSIDERED xxxxx 2
[GNUPG:] BEGIN_SIGNING H10

Even something as simple as echo "test" | gpg -vvv --clearsign will fail

gpg: using character set 'utf-8'
gpg: Note: RFC4880bis features are enabled.
gpg: Note: signature key A0D8xxxx expired Dim  1 nov 19:31:02 2020 CET
gpg: using pgp trust model
gpg: key <mykey>: accepted as trusted key
gpg: writing to stdout
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Operation cancelled
gpg: [stdin]: clear-sign failed: Operation cancelled

Gby56 avatar Nov 16 '21 14:11 Gby56

Can you verify if invoking /usr/local/bin/pinentry-mac directly in a terminal shows something like:

~
❯❯❯ /usr/local/bin/pinentry-touchid
OK Hi from pinentry-touchid!

Could you also attach the output from gpgconf and the logs from /tmp/pinentry-touchid.log?

You can also enable the debug mode of gpg itself by adding these couple of lines to your ~/.gnupg/gpg-agent.conf:

debug-level basic
log-file /Users/<USERNAME>/.gnupg/gpg-agent.log

Keep in mind that you need to restart the gpg-agent afterwards: gpg-connect-agent reloadagent /bye. Did you install gpg via homebrew?

jorgelbg avatar Nov 16 '21 14:11 jorgelbg

 ✘ gabrielmarquet@LT-xxx  ~/Desktop/   main ✚  /usr/local/bin/pinentry-touchid
OK Hi from pinentry-touchid!
 ✘ gabrielmarquet@LT-C02DK98DMD6M  ~/Desktop/   main ✚  gpgconf
gpg:OpenPGP:/usr/local/Cellar/gnupg/2.3.3_1/bin/gpg
gpgsm:S/MIME:/usr/local/Cellar/gnupg/2.3.3_1/bin/gpgsm
keyboxd:Public Keys:/usr/local/Cellar/gnupg/2.3.3_1/libexec/keyboxd
gpg-agent:Private Keys:/usr/local/Cellar/gnupg/2.3.3_1/bin/gpg-agent
scdaemon:Smartcards:/usr/local/Cellar/gnupg/2.3.3_1/libexec/scdaemon
dirmngr:Network:/usr/local/Cellar/gnupg/2.3.3_1/bin/dirmngr
pinentry:Passphrase Entry:/usr/local/opt/pinentry/bin/pinentry
16:01:39.400744 git.c:455               trace: built-in: git config --get oh-my-zsh.hide-dirty
16:01:39.493943 git.c:455               trace: built-in: git rev-parse --show-toplevel
16:01:39.508964 git.c:455               trace: built-in: git rev-parse --quiet --verify HEAD

/tmp/pinentry-touchid.log

2021/11/16 16:03:55 main.go:105: Ready!
2021/11/16 16:03:55 main.go:256: Error calling pinentry-mac: unexpected response: ERR 83918950 Inappropriate ioctl for device <Pinentry>
2021/11/16 16:03:55 main.go:260: pinentry-mac didn't return a password
2021/11/16 16:03:56 main.go:105: Ready!
2021/11/16 16:03:56 main.go:256: Error calling pinentry-mac: unexpected response: ERR 83918950 Inappropriate ioctl for device <Pinentry>
2021/11/16 16:03:56 main.go:260: pinentry-mac didn't return a password
/usr/local/bin/gpg -> ../Cellar/gnupg/2.3.3_1/bin/gpg

Seems like homebrew, I'm running Monterey 12.0.1 (21A559), thanks a lot for taking a look into this :)

Gby56 avatar Nov 16 '21 15:11 Gby56

Here's a quick extract from the pgp debug log, sorry I forgot to add that

gpg-agent[14104]: DBG: chan_7 -> OK Pleased to meet you, process 16420
gpg-agent[14104]: DBG: chan_7 <- RESET
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- OPTION ttytype=xterm-256color
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- GETINFO version
gpg-agent[14104]: DBG: chan_7 -> D 2.3.3
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- OPTION allow-pinentry-notify
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- OPTION agent-awareness=2.1.0
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- HAVEKEY --list=1000
gpg-agent[14104]: new connection to /usr/local/Cellar/gnupg/2.3.3_1/libexec/scdaemon daemon established (reusing)
gpg-agent[14104]: DBG: chan_9 -> KEYINFO --list
gpg-agent[14104]: DBG: chan_9 <- OK
gpg-agent[14104]: DBG: chan_7 -> [ 44 20 2c f8 da 14 ed 0e af 1b 66 df 64 a5 19 28 ...(26 byte(s) skipped) ]
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- RESET
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- SIGKEY B6Cxxx
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Gabriel+Marquet+(Work+key+for+Github)+<email>%22%0A255-bit+EDDSA+key,+ID+3Exxxx,%0Acreated+2021-11-16.%0A
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- SETHASH 10 5CB17xxxx
gpg-agent[14104]: DBG: chan_7 -> OK
gpg-agent[14104]: DBG: chan_7 <- PKSIGN
gpg-agent[14104]: starting a new PIN Entry
gpg-agent[14104]: DBG: connection to PIN entry established
gpg-agent[14104]: You may want to update to a newer pinentry
gpg-agent[14104]: DBG: error calling pinentry: Operation cancelled <Pinentry>
gpg-agent[14104]: failed to unprotect the secret key: Operation cancelled
gpg-agent[14104]: failed to read the secret key
gpg-agent[14104]: command 'PKSIGN' failed: Operation cancelled <Pinentry>
gpg-agent[14104]: DBG: chan_7 -> ERR 83886179 Operation cancelled <Pinentry>
gpg-agent[14104]: DBG: chan_7 <- [eof]
gpg-agent[14104]: DBG: chan_9 -> RESTART
gpg-agent[14104]: DBG: chan_9 <- OK

Gby56 avatar Nov 16 '21 15:11 Gby56

FYI I just saw a similar comment here: https://golangrepo.com/repo/jorgelbg-pinentry-touchid-go-security. The "You may want to update to a newer pinentry" is interesting 🤔

Gby56 avatar Nov 16 '21 15:11 Gby56

When executing pinentry --help I get

pinentry-curses (pinentry) 1.2.0
Copyright (C) 2016 g10 Code GmbH

Gby56 avatar Nov 16 '21 15:11 Gby56

thanks a lot for taking a look into this :)

Any time! Glad that you are willing to give it a try!

From the gpgconf output I see that the path returned for the pinentry:Passphrase Entry key is pointing to /usr/local/opt/pinentry/bin/pinentry. On my system that symlink points to pinentry-ncurses:

❯ ll /usr/local/opt/pinentry/bin/pinentry                       
lrwxr-xr-x 15 jbetancourt 25 Aug 14:25  /usr/local/opt/pinentry/bin/pinentry -> pinentry-curses

Can you try to force that symlink to pinentry-mac and try again? This is what I executed on my system:

❯ ln -fs /usr/local/bin/pinentry-mac /usr/local/opt/pinentry/bin/pinentry

jorgelbg avatar Nov 16 '21 16:11 jorgelbg

 gabrielmarquet@LT-C02DK98DMD6M  ~/.ssh  ln -fs /usr/local/bin/pinentry-mac /usr/local/opt/pinentry/bin/pinentry
 gabrielmarquet@LT-C02DK98DMD6M  ~/.ssh  ls -lia /usr/local/opt/pinentry/bin/pinentry
34364762 lrwxr-xr-x  1 gabrielmarquet  admin  27 Nov 16 18:08 /usr/local/opt/pinentry/bin/pinentry -> /usr/local/bin/pinentry-mac
 ✘ gabrielmarquet@LT-C02DK98DMD6M  ~/.ssh  cat ~/.gnupg/gpg-agent.conf
enable-ssh-support
use-standard-socket
#default-cache-ttl 1
#max-cache-ttl 1
debug-level basic
log-file /Users/gabrielmarquet/.gnupg/gpg-agent.log
#pinentry-program /usr/local/bin/pinentry-mac
pinentry-program /usr/local/bin/pinentry-touchid
#pinentry-program /usr/local/opt/pinentry-touchid/bin/pinentry-touchid
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK Pleased to meet you, process 32699
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- RESET
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- OPTION ttyname=/dev/ttys002
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- OPTION ttytype=xterm-256color
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- OPTION lc-ctype=UTF-8
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- GETINFO version
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> D 2.3.3
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- OPTION allow-pinentry-notify
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- HAVEKEY --list=1000
2021-11-16 18:09:11 gpg-agent[32544] new connection to /usr/local/Cellar/gnupg/2.3.3_1/libexec/scdaemon daemon established (reusing)
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_10 -> KEYINFO --list
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_10 <- OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> [ 44 2xxxx ...(26 byte(s) skipped) ]
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- RESET
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- SIGKEY B6Cxxx
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Gabriel+Marquet+(Work+key+for+Github)+<gmaxxx>%22%0A255-bit+EDDSA+key,+ID+3E2x,%0Acreated+2021-11-16.%0A
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- SETHASH 10 8CDFxxx
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 -> OK
2021-11-16 18:09:11 gpg-agent[32544] DBG: chan_8 <- PKSIGN
2021-11-16 18:09:11 gpg-agent[32544] starting a new PIN Entry
2021-11-16 18:09:11 gpg-agent[32544] DBG: connection to PIN entry established
2021-11-16 18:09:11 gpg-agent[32544] You may want to update to a newer pinentry
2021-11-16 18:09:12 gpg-agent[32544] DBG: error calling pinentry: Operation cancelled <Pinentry>
2021-11-16 18:09:12 gpg-agent[32544] failed to unprotect the secret key: Operation cancelled
2021-11-16 18:09:12 gpg-agent[32544] failed to read the secret key
2021-11-16 18:09:12 gpg-agent[32544] command 'PKSIGN' failed: Operation cancelled <Pinentry>
2021-11-16 18:09:12 gpg-agent[32544] DBG: chan_8 -> ERR 83886179 Operation cancelled <Pinentry>
2021-11-16 18:09:12 gpg-agent[32544] DBG: chan_8 <- [eof]
2021-11-16 18:09:12 gpg-agent[32544] DBG: chan_10 -> RESTART
2021-11-16 18:09:12 gpg-agent[32544] DBG: chan_10 <- OK
2021/11/16 17:12:42 main.go:260: pinentry-mac didn't return a password
2021/11/16 18:07:03 main.go:105: Ready!
2021/11/16 18:07:03 main.go:285: Duplicated entry in the keychain
2021/11/16 18:07:21 main.go:105: Ready!
2021/11/16 18:07:21 main.go:285: Duplicated entry in the keychain
2021/11/16 18:09:11 main.go:105: Ready!
2021/11/16 18:09:12 main.go:285: Duplicated entry in the keychain

I think we've got something interesting, duplicated entry in the keychain ?

Gby56 avatar Nov 16 '21 17:11 Gby56

Oh nice !! it started working as soon as I cleared out my keychain after re-storing the passphrase once :D ! Thank you so much ! this was the damn symlink

Gby56 avatar Nov 16 '21 17:11 Gby56

seems like this issue can be closed?

davidxia avatar Feb 06 '22 23:02 davidxia

Oh nice !! it started working as soon as I cleared out my keychain after re-storing the passphrase once :D ! Thank you so much ! this was the damn symlink

@Gby56 Can you elaborate on how you cleared your keychain? I have exactly the same issue of the "Duplicated entry in the keychain" error. I already adjusted the symlink, after that cleared out my keychain by deleting the one entry with location "GnuPG", added it back into the keychain using pinentry-mac, but when changing to pinentry-touchid it still gives me the duplication error. Would be grateful for any advice.

macOS 12.5

Logs and Configs

(Sorry, it's partially German)

GPG Conf

gpg:OpenPGP:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpg
gpgsm:S/MIME:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpgsm
keyboxd:Öffentliche Schlüssel:/opt/homebrew/Cellar/gnupg/2.3.6/libexec/keyboxd
gpg-agent:Geheime Schlüssel:/opt/homebrew/Cellar/gnupg/2.3.6/bin/gpg-agent
scdaemon:Smartcard:/opt/homebrew/Cellar/gnupg/2.3.6/libexec/scdaemon
dirmngr:Netz:/opt/homebrew/Cellar/gnupg/2.3.6/bin/dirmngr
pinentry:Passwort Eingabe:/opt/homebrew/opt/pinentry/bin/pinentry

GPG

2022-08-03 17:20:51 gpg-agent[3972] Es wird auf Socket `/Users/wittler/.gnupg/S.gpg-agent' gehört
2022-08-03 17:20:51 gpg-agent[3972] Es wird auf Socket `/Users/wittler/.gnupg/S.gpg-agent.extra' gehört
2022-08-03 17:20:51 gpg-agent[3972] Es wird auf Socket `/Users/wittler/.gnupg/S.gpg-agent.browser' gehört
2022-08-03 17:20:51 gpg-agent[3972] Es wird auf Socket `/Users/wittler/.gnupg/S.gpg-agent.ssh' gehört
2022-08-03 17:20:51 gpg-agent[3973] gpg-agent (GnuPG) 2.3.6 started
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK Pleased to meet you, process 3971
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- RESET
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION ttyname=/dev/ttys000
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION ttytype=xterm-256color
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION lc-ctype=de_DE.UTF-8
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION lc-messages=de_DE.UTF-8
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- GETINFO version
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> D 2.3.6
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION allow-pinentry-notify
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- SCD SERIALNO
2022-08-03 17:20:51 gpg-agent[3973] no running /opt/homebrew/Cellar/gnupg/2.3.6/libexec/scdaemon daemon - starting it
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK GNU Privacy Guard's Smartcard server ready
2022-08-03 17:20:51 gpg-agent[3973] first connection to daemon /opt/homebrew/Cellar/gnupg/2.3.6/libexec/scdaemon established
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> GETINFO socket_name
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- D /Users/wittler/.gnupg/S.scdaemon
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: additional connections at '/Users/wittler/.gnupg/S.scdaemon'
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> OPTION event-signal=31
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> SERIALNO
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- ERR 100696144 Operation not supported by device <SCD>
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> ERR 100696144 Operation not supported by device <SCD>
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- HAVEKEY --list=1000
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> KEYINFO --list
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> [ 44 2xxxx ...(28 byte(s) skipped) ]
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- KEYINFO 338xxx
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> KEYINFO --list
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> S KEYINFO 338xxx D - - - P - - -
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- RESET
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- SIGKEY 338xxx
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- SETKEYDESC xxx
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- SETHASH 8 489xxxx
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> OK
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- PKSIGN
2022-08-03 17:20:51 gpg-agent[3973] starting a new PIN Entry
2022-08-03 17:20:51 gpg-agent[3973] DBG: connection to PIN entry established
2022-08-03 17:20:51 gpg-agent[3973] You may want to update to a newer pinentry
2022-08-03 17:20:51 gpg-agent[3973] DBG: error calling pinentry: Operation cancelled <Pinentry>
2022-08-03 17:20:51 gpg-agent[3973] failed to unprotect the secret key: Operation cancelled
2022-08-03 17:20:51 gpg-agent[3973] failed to read the secret key
2022-08-03 17:20:51 gpg-agent[3973] command 'PKSIGN' failed: Operation cancelled <Pinentry>
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 -> ERR 83886179 Operation cancelled <Pinentry>
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_8 <- [eof]
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 -> RESTART
2022-08-03 17:20:51 gpg-agent[3973] DBG: chan_9 <- OK

Pinentry-Touchid

2022/08/03 17:20:51 main.go:105: Ready!
2022/08/03 17:20:51 main.go:285: Duplicated entry in the keychain

JanWittler avatar Aug 03 '22 15:08 JanWittler

Hi ! Sorry it's been a while since I've had the issue... I'll try to dig back into it but as far as I can tell, you did the appropriate steps I think

Gby56 avatar Aug 03 '22 16:08 Gby56

@JanWittler Can you check the output of this command:

$ security dump-keychain | grep GnuPG

This should dump and return any items that match GnuPG. You can also use:

$ security find-generic-password -s 'GnuPG'

but this command only returns the first matching item.

jorgelbg avatar Aug 04 '22 16:08 jorgelbg
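
The checks requested in this thread (which path gpgconf reports for pinentry, how many GnuPG items the keychain holds, and which error the logs show), collected as an added shell example that is not part of the original comments or the pinentry-touchid project. The function names and failure labels are this example's own; the log paths are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the pinentry-touchid project).
# Each helper reads text on stdin, so it works on live command output or on
# saved logs.

# Path gpgconf reports for the pinentry component. gpgconf prints
# name:description:path and the description is localized, so match on name.
pinentry_from_gpgconf() {
  awk -F: '$1 == "pinentry" { print $3 }'
}

# Number of keychain items whose service attribute is GnuPG, counted from
# `security dump-keychain` output.
count_gnupg_items() {
  grep -c '"svce"<blob>="GnuPG"' || true
}

# Name each failure signature seen in gpg-agent / pinentry-touchid logs.
# The labels printed here are this example's own, not program output.
classify_pinentry_log() {
  awk '
    /Inappropriate ioctl for device/              { ioctl = 1 }
    /Duplicated entry in the keychain/            { dup = 1 }
    /error calling pinentry: Operation cancelled/ { cancel = 1 }
    END {
      if (ioctl)  print "pinentry-mac-ioctl-error"
      if (dup)    print "duplicate-keychain-entry"
      if (cancel) print "agent-saw-pinentry-cancel"
      if (!ioctl && !dup && !cancel) print "no-known-signature"
    }'
}

# Log lines copied from the posts above, used as offline sample input.
sample_logs() {
  cat <<'EOF'
2021/11/16 18:09:11 main.go:105: Ready!
2021/11/16 18:09:12 main.go:285: Duplicated entry in the keychain
2021-11-16 18:09:12 gpg-agent[32544] DBG: error calling pinentry: Operation cancelled <Pinentry>
EOF
}

# On the affected Mac, pass --live as the first argument.
if [ "${1:-}" = "--live" ]; then
  p=$(gpgconf | pinentry_from_gpgconf)
  echo "gpgconf pinentry: $p -> $(readlink "$p" || echo '(not a symlink)')"
  echo "GnuPG keychain items: $(security dump-keychain 2>/dev/null | count_gnupg_items)"
  # Log paths as used in this thread; adjust to the log-file in gpg-agent.conf.
  cat /tmp/pinentry-touchid.log "$HOME/.gnupg/gpg-agent.log" 2>/dev/null |
    classify_pinentry_log
else
  sample_logs | classify_pinentry_log
fi
```
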

Wow, thank you already very much for the surprisingly fast answers.

_ % security dump-keychain | grep GnuPG
    "svce"<blob>="GnuPG"
_ % security find-generic-password -s 'GnuPG'
keychain: "/Users/xxx"
version: 512
class: "genp"
attributes:
    0x00000007 <blob>="Jan Wittler <xxx@xxx> (68xxx)"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="338xxx"
    "cdat"<timedate>=0x323xxx  "202xxx"
    "crtr"<uint32>=<NULL>
    "cusi"<sint32>=<NULL>
    "desc"<blob>=<NULL>
    "gena"<blob>=<NULL>
    "icmt"<blob>=<NULL>
    "invi"<sint32>=<NULL>
    "mdat"<timedate>=0x323xxx  "202xxx"
    "nega"<sint32>=<NULL>
    "prot"<blob>=<NULL>
    "scrp"<sint32>=<NULL>
    "svce"<blob>="GnuPG"
    "type"<uint32>=<NULL>

JanWittler avatar Aug 04 '22 16:08 JanWittler

@JanWittler can you remove/clear the keychain from any matching key and then give it another try?

If possible can you make a backup of the item from the keychain? It would be interesting to find out why pinentry-touchid is failing to recognize that there is already an item in the keychain. I'm just not sure on how to look into the issue since I am not able to reproduce it myself and there is sensitive information in the keychain item 😅.

jorgelbg avatar Aug 05 '22 15:08 jorgelbg

I found the solution!

Uncheck the box of 'Save in keychains' after deleting the GnuPG item in Keychains and re-trigger gpg firstly.

oliverdding avatar Apr 19 '23 08:04 oliverdding