kwalletd can't decrypt wallet

As of some update last week (sorry, can’t really be more specific there…but I know it was before the KDE apps 20.04.1 update recently released), every time I log in I now get an error dialog from “kwalletd GPG backend”: “Error when attempting to decrypt the wallet kdewallet using GPG. If you’re using a SmartCard, please ensure it’s inserted then try again. GPG error was No such file or directory”.

I haven’t ever used a SmartCard. Previously I would get a prompt to enter my key’s password to open this wallet when I logged in, and this is how it still is working on my Leap 15.1 install. There are “Retry” and “Cancel” buttons and both have the same effect of just showing the same error dialog again and again. The close button on the dialog also does the same.

I tried looking in journalctl for KDE and especially kwallet or GPG error messages but all I see are two messages “Activating service name=‘org.kde.kwalletd5’” and “Successfully activated service ‘org.kde.kwalletd5’”. Any ideas on either fixing this or at least finding out exactly what file or directory GPG (and hence kwalletd) can’t find?

I just booted Tumbleweed, logged into KDE, and then used a command that requires kwallet.

I was prompted for my GPG key. And everything worked as expected.

However, I logged into KDE Plasma as Xorg. I could also login to Plasma Wayland or as Plasma FullWayland.

It would help to know which you are trying. There is a difference in how gpg-agent is started, depending on which of those you use.

Maybe provide the output from

printenv | grep XDG

I’m still using X11, haven’t really had the chance to make the plunge into Wayland yet.


Is “gpg-agent” running?

I usually check that with:

ps -ef | grep gpg-agent

That agent listens on sockets such as:


except it will use your UID in place of that 1001. Maybe check if there are sockets in the corresponding directory on your system.

That shows two processes:

/usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc
/usr/bin/gpg-agent --sh --daemon --keep-display /etc/X11/xinit/xinitrc

Here’s the socket:

srwx------ ... [user] users ... /run/user/[uid]/gnupg/S.gpg-agent

That all looks normal.

What output do you see from:

ls -l .local/share/kwalletd

(this assumes you are in your home directory when running the command).

total 8
-rw------- 1 [user] users ... kdewallet.kwl
-rw------- 1 [user] users ... kdewallet.salt

They both have a non-zero size.

Does “kdewallet.kwl” have a recent date?

Yes, May 14 which may have been when this started. The .salt file appears to be from when I first created this user’s account.

Fair enough.

For me, the “.kwl” file seems to be from when I last opened the wallet. And the salt file is a year or so old (probably when I set it up).

My suggestion:

Logout. Maybe even reboot. Then login to a command line (or use CTRL-ALT-F1 to get to a command line).

Backup “.local/share/kwalletd” (maybe copy to another directory).
Then delete both files.

Login to KDE and see if you can setup kwallet again.

It might turn out that something else is wrong. Perhaps your GPG key is broken. If so, you might learn what is wrong when trying to setup kwallet again.

Ugh. Finally figured it out. I was SSHed into this box a while back and trying to sign a Git tag, and I couldn’t find any other way to get it to work except by putting “pinentry-program /usr/bin/pinentry-curses” in ~/.gnupg/gpg-agent.conf. I also happened to perform an update on the same day and so I was assuming that the update had caused the issue, but it was the fact that I forgot to remove the entry. Of course, the entirely unhelpful “no such file or directory” error didn’t jog my memory.

I tried discarding the wallet files and starting afresh, but was getting the same error. It wasn’t until I tried to generate a new key pair, got the same error, and started poking around in ~/.gnupg to see if I could see something wrong there that I remembered. So thanks for the help which finally got me to remember how I broke it :).

Thanks for that update. I really don’t like that way that “pinentry” is handled. But in special cases, such as your “ssh”, there is probably an environment setting you can make that will die when you logout.

I’ve been working on it again and I can’t get anything to make it prompt on the command line for pinentry except that config. OTOH, now that I’ve got VNC finally working (another frustrating process) I can use that for when I need to sign something.