#730 ✓released

pinentry-mac might delete a correct passphrase and may not be able to save the new passphrase (related to rdar://50789571)

Reported by Support | May 16th, 2019 @ 01:53 AM | in 2.2.20 (closed)

Assigned to Stable #70286. If radar://50789571 is in effect, pinentry-mac won't be able to read out the password for a key and thus present the user with the default pinentry-mac dialog and ask them to enter their passphrase.

If the user enters their passphrase, pinentry-mac will first delete the existing keychain item for the key and later try to add a new one with the passphrase entered by the user. With rdar://50789571 in effect however, it is no longer possible to add keychain items to the login keychain.

pinentry-mac must use SecItemUpdate instead of SecKeychainItemDelete/SecItemAdd


  1. Follow https://gist.github.com/lukele/a264b7b968180e21cfc5ab7f116ab914 to put macOS keychain into locked state.
  2. send encrypted + signed email with account for which the OpenPGP password is stored in macOS keychain
  3. pinentry will show (expected due to Apple bug radar://50789571) and ask for OpenPGP password despite the fact that it exists in macOS keychain
  4. enter a wrong password 3 times


macOS 10.14.6, GPG Suite 2544n:
after the third attempt using a wrong password, the existing macOS keychain entry with correct password is deleted

see also #729

2019-07-10 update

  • macOS 10.15b3 fixed ✔
  • macOS 10.14.6b4 not fixed ✘

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket