主页 / user-523540

nunop's questions

Martin Hope
nunop
Asked: 2021-09-18 06:01:56 +0800 CST
  • 5

我正在尝试将 PGP 密钥导入 NixOS(从Openkeychain导出)。此密钥用于加密和解密密码列表(使用pass)。

以下是重现问题的步骤(您可以按照本指南进行操作):

  1. 在 Openkeychain 中,对密钥进行备份,记下 36 位代码并保存;

  2. 在 NixOS 中(假设您的 ~/Downloads 文件夹中有备份密钥),键入以下内容:

nix-shell -p gnupg --run 'gpg --decrypt --pinentry-mode=loopback ~/Downloads/backup_2021-09-16.sec.pgp | gpg --import'

这应该会导致导入一个密钥,但我只得到一个公钥。这是完整的输出:

gpg: unknown armor header: Passphrase-Format: numeric9x4
gpg: unknown armor header: Passphrase-Begin: 40
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: key 0x10D48E16F953D026: public key "John Doe <[email protected]>" imported
gpg: key 0x10D48E16F953D026: "John Doe <[email protected]>" not changed
gpg: key 0x10D48E16F953D026/0x10D48E16F953D026: error sending to agent: Without pinentry
gpg: error building skey array: Sem pinentry
gpg: error reading '[stdin]': Without pinentry
gpg: import from '[stdin]' failed: Without pinentry
gpg: Total number processed: 1
gpg:               imported: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1

我尝试按照此处gpg-agent.conf的建议将以下条目添加到:

pinentry-program /run/current-system/sw/bin/pinentry-curses

然后$ gpgconf --reload gpg-agent重新加载 gpg-agent,然后是 import 命令:

nix-shell -p gnupg --run 'gpg --decrypt --pinentry-mode=loopback ~/Downloads/backup_2021-09-16.sec.pgp | gpg --import'

会输出这个:

gpg: unknown armor header: Passphrase-Format: numeric9x4
gpg: unknown armor header: Passphrase-Begin: 40
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: key 0x10D48E16F953D026: public key "John Doe <[email protected]>" imported
gpg: key 0x10D48E16F953D026: "John Doe <[email protected]>" not changed
gpg: key 0x10D48E16F953D026/0x10D48E16F953D026: error sending to agent: Inappropriate ioctl for device
gpg: error building skey array: Inappropriate ioctl for device
gpg: error reading '[stdin]': Inappropriate ioctl for device
gpg: import from '[stdin]' failed: Inappropriate ioctl for device
gpg: Total number processed: 1
gpg:               imported: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1

有趣的是,执行以下操作将解密并在终端上输出公钥和私钥,无论是否将上述条目添加到gpg-agent.conf文件中:

nix-shell -p gnupg --run 'gpg --decrypt --pinentry-mode=loopback < ~/Downloads/backup_2021-09-16.sec.pgp'
gnupg password-management