kwalletd can't decrypt wallet

poorboywilly · May 25, 2020, 9:45pm

As of some update last week (sorry, can’t really be more specific there…but I know it was before the KDE apps 20.04.1 update recently released), every time I log in I now get an error dialog from “kwalletd GPG backend”: “Error when attempting to decrypt the wallet kdewallet using GPG. If you’re using a SmartCard, please ensure it’s inserted then try again. GPG error was No such file or directory”.

I haven’t ever used a SmartCard. Previously I would get a prompt to enter my key’s password to open this wallet when I logged in, and this is how it still is working on my Leap 15.1 install. There are “Retry” and “Cancel” buttons and both have the same effect of just showing the same error dialog again and again. The close button on the dialog also does the same.

I tried looking in journalctl for KDE and especially kwallet or GPG error messages but all I see are two messages “Activating service name=‘org.kde.kwalletd5’” and “Successfully activated service ‘org.kde.kwalletd5’”. Any ideas on either fixing this or at least finding out exactly what file or directory GPG (and hence kwalletd) can’t find?

nrickert · May 25, 2020, 10:07pm

I just booted Tumbleweed, logged into KDE, and then used a command that requires kwallet.

I was prompted for my GPG key. And everything worked as expected.

However, I logged into KDE Plasma as Xorg. I could also login to Plasma Wayland or as Plasma FullWayland.

It would help to know which you are trying. There is a difference in how gpg-agent is started, depending on which of those you use.

Maybe provide the output from

printenv | grep XDG

poorboywilly · May 26, 2020, 12:07am

I’m still using X11, haven’t really had the chance to make the plunge into Wayland yet.

XDG_CONFIG_DIRS=/etc/xdg
XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
XDG_SEAT=seat0
XDG_SESSION_DESKTOP=KDE
XDG_SESSION_TYPE=x11
XDG_CURRENT_DESKTOP=KDE
XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
XDG_SESSION_CLASS=user
XDG_VTNR=7
XDG_SESSION_ID=1
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/home/[user]/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share

nrickert · May 26, 2020, 1:18am

Is “gpg-agent” running?

I usually check that with:

ps -ef | grep gpg-agent

That agent listens on sockets such as:

/run/user/1001/gnupg/S.gpg-agent

except it will use your UID in place of that 1001. Maybe check if there are sockets in the corresponding directory on your system.

poorboywilly · May 26, 2020, 1:57am

That shows two processes:

/usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc
/usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc

nrickert:

That agent listens on sockets such as:
/run/user/1001/gnupg/S.gpg-agent
except it will use your UID in place of that 1001. Maybe check if there are sockets in the corresponding directory on your system.

Here’s the socket:

srwx------ ... [user] users ... /run/user/[uid]/gnupg/S.gpg-agent

nrickert · May 26, 2020, 3:13am

That all looks normal.

What output do you see from:

ls -l .local/share/kwalletd

(this assumes you are in your home directory when running the command).

poorboywilly · May 27, 2020, 6:40am

total 8
-rw------- 1 [user] users ... kdewallet.kwl
-rw------- 1 [user] users ... kdewallet.salt

They both have a non-zero size.

nrickert · May 27, 2020, 6:48am

Does “kdewallet.kwl” have a recent date?

poorboywilly · May 27, 2020, 8:44pm

Yes, May 14 which may have been when this started. The .salt file appears to be from when I first created this user’s account.

nrickert · May 27, 2020, 11:02pm

Fair enough.

For me, the “.kwl” file seems to be from when I last opened the wallet. And the salt file is a year or so old (probably when I set it up).

My suggestion:

Logout. Maybe even reboot. Then login to a command line (or use CTRL-ALT-F1 to get to a command line).

Backup “.local/share/kwalletd” (maybe copy to another directory).
Then delete both files.

Login to KDE and see if you can setup kwallet again.

It might turn out that something else is wrong. Perhaps your GPG key is broken. If so, you might learn what is wrong when trying to setup kwallet again.

poorboywilly · May 28, 2020, 2:08am

Ugh. Finally figured it out. I was SSHed into this box a while back and trying to sign a Git tag, and I couldn’t find any other way to get it to work except by putting “pinentry-program /usr/bin/pinentry-curses” in ~/.gnupg/gpg-agent.conf. I also happened to perform an update on the same day and so I was assuming that the update had caused the issue, but it was the fact that I forgot to remove the entry. Of course, the entirely unhelpful “no such file or directory” error didn’t jog my memory.

I tried discarding the wallet files and starting afresh, but was getting the same error. It wasn’t until I tried to generate a new key pair, got the same error, and started poking around in ~/.gnupg to see if I could see something wrong there that I remembered. So thanks for the help which finally got me to remember how I broke it :).

nrickert · May 28, 2020, 2:36am

Thanks for that update. I really don’t like that way that “pinentry” is handled. But in special cases, such as your “ssh”, there is probably an environment setting you can make that will die when you logout.

poorboywilly · May 28, 2020, 4:39am

I’ve been working on it again and I can’t get anything to make it prompt on the command line for pinentry except that config. OTOH, now that I’ve got VNC finally working (another frustrating process) I can use that for when I need to sign something.