pinentry-mac might delete a correct passphrase and may not be able to save the new passphrase (related to rdar://50789571)
Reported by Support | May 16th, 2019 @ 01:53 AM | in 2.2.20 (closed)
Assigned to Stable #70286. If radar://50789571 is in effect, pinentry-mac won't be able to read out the password for a key and thus present the user with the default pinentry-mac dialog and ask them to enter their passphrase.
If the user enters their passphrase, pinentry-mac will first delete the existing keychain item for the key and later try to add a new one with the passphrase entered by the user. With rdar://50789571 in effect however, it is no longer possible to add keychain items to the login keychain.
pinentry-mac must use SecItemUpdate instead of
SecKeychainItemDelete/SecItemAdd
Reproduce
- Follow https://gist.github.com/lukele/a264b7b968180e21cfc5ab7f116ab914
to put macOS keychain into locked state.
- send encrypted + signed email with account for which the
OpenPGP password is stored in macOS keychain
- pinentry will show (expected due to Apple bug radar://50789571) and ask for OpenPGP
password despite the fact that it exists in macOS keychain
- enter a wrong password 3 times
Currently
macOS 10.14.6, GPG Suite 2544n:
after the third attempt using a wrong password, the existing macOS
keychain entry with correct password is deleted
see also #729
2019-07-10 update
- macOS 10.15b3 fixed ✔
- macOS 10.14.6b4 not fixed ✘
Comments and changes to this ticket
-
steve May 29th, 2019 @ 12:37 PM
- Milestone cleared.
- Importance changed from “” to “Low”
-
Luke Le June 3rd, 2019 @ 05:30 PM
- Assigned user set to “Mento”
-
steve June 11th, 2019 @ 12:31 PM
- State changed from “new” to “fixed”
- Milestone set to “2.2.17”
relevant pinentry commits (prevent that OpenPGP passwords are deleted):
-
-
-
steve September 1st, 2019 @ 05:07 PM
- State changed from “released” to “started”
- Tag cleared.
GPG suite 2019.1 2539
macOS 10.14.6
persisting, re-opening. -
-
steve September 18th, 2019 @ 12:34 PM
- State changed from “started” to “verified”
- Tag cleared.
- Milestone changed from “2.2.17” to “2.3.0”
macOS 10.14.6, GPG Suite 2544n + pinentry-mac (test file placed in /usr/local/MacGPG2/libexec):
when manually entering the password into pinentry-mac the item in macOS keychain remains intact and is not deleted.verified
-
-
-
Support January 12th, 2020 @ 01:43 PM
- Tag changed from “” to “#tag id: 460388, name:”
Assigned to Tender discussion #1076.
-
Support May 28th, 2020 @ 07:09 PM
- Tag changed from “#tag id: 460388, name:” to “tag id 460388, name”
Assigned to Tender discussion #106038.
-
steve June 29th, 2020 @ 11:57 AM
- Tag cleared.
- Milestone changed from “2.3.0” to “2.2.20”
-
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Lars
Luke Le
steve
Support
Referenced by
-
729
pinentry-mac asks for passphrase even though it is available in Keychain Access
see also #730
-
729
pinentry-mac asks for passphrase even though it is available in Keychain Access
For 10.14 we now have a fix which prevents that the item ...