Recently I moved all my sites onto a new server. I use Duplicity and Backupninja to perform weekly backups of my server. While configuring backups on the new server, I kept encountering a strange error:

Error: gpg: using "D5673F3E" as default secret key for signing
Error: gpg: signing failed: Inappropriate ioctl for device
Error: gpg: [stdin]: sign+encrypt failed: Inappropriate ioctl for device

It turns out this error is due to changes in GnuPG 2.1, which only recently landed in Debian Testing. The error occurs because GnuPG 2.1 by default ignores passphrases passed in via environment variables or stdin, and is trying to show a pinentry prompt. "Inappropriate ioctl for device" is thrown because the Backupninja script is not running through a TTY, so there's no way to actually render the prompt.

To solve the problem, you need to enable loopback pinentry mode. Add this to ~/.gnupg/gpg.conf:

use-agent
pinentry-mode loopback

And add this to ~/.gnupg/gpg-agent.conf, creating the file if it doesn't already exist:

allow-loopback-pinentry

Then restart the agent with echo RELOADAGENT | gpg-connect-agent and you should be good to go!

Short URL for sharing: https://d.sb/B5N. This entry was posted on 6th November 2016 and is filed under Linux. You can leave a comment if you'd like to, or subscribe to the RSS feed to keep up-to-date with all my latest blog posts!

Comments

  1. Avatar for aolko aolko said:

    this post's date is out of bounds ;)

    1. Avatar for Daniel15 Daniel15 said:

      What do you mean by that?

  2. Avatar for Jin Kwon Jin Kwon said:

    Thank you for sharing this. Now my maven deploys.

    1. Avatar for Daniel15 Daniel15 said:

      I'm glad you found it useful!

  3. Avatar for Richard Stanford Richard Stanford said:

    Another thanks from me! Always annoying when backwards compatibility is an option yet neither enabled by default nor well documented.

  4. Avatar for Hans van Eijsden Hans van Eijsden said:

    Just upgraded to Debian Stretch and had this error with Duply & Duplicity. Thank you very much for this post, it works now!

    1. Avatar for Daniel15 Daniel15 said:

      I'm glad you found it useful! I encountered the same issue with Backupninja + Duplicity and it took me a while to figure out how to fix it.

  5. Avatar for Utilisateur Utilisateur said:

    Thanks, It helped me a lot !

  6. Avatar for Stephen Zurcher Stephen Zurcher said:

    Still an extremely helpful post. Thank you! Works in the WSL, too, without any adjustments. Git will now sign tags, hooray! :)

  7. Avatar for Utkarsh Verma Utkarsh Verma said:

    Worked for me. Thanks!

  8. Avatar for kyb kyb said:

    Thanks. This works fine!

  9. Avatar for Shiva Prasad Shiva Prasad said:

    Thank you! This is exactly what I wanted

  10. Avatar for Zelcon Snyder Zelcon Snyder said:

    thank you so much!

  11. Avatar for mpw mpw said:

    worked like a charm on debian 9.9. Thank you for sharing

  12. Avatar for Asha Dixon Asha Dixon said:

    Worked great, thanks so much! It seems this issue is still there even with the most up-to-date gpg (almost four years after you posted this)!

  13. Avatar for Helder Dias Helder Dias said:

    What about use --pinentry-mode loopback ?

  14. Avatar for passio passio said:

    I admire so much all these people who give us solution for our problem... THANK YOU

  15. Avatar for disqus_ZPGss1Jo7p disqus_ZPGss1Jo7p said:

    Wish I had found this earlier! I removed use agent and manually entered the passphrase as an alternate way to solve this.

  16. Avatar for William True William True said:

    Thanks for the tip. It works most of the time. But because of https://dev.gnupg.org/T3465, it does not work with `--delete-secret-keys`, which confused me a while. I chose to use `pinentry-mac` on my mac machine instead.

  17. Avatar for Kerry Snyder Kerry Snyder said:

    A-ha! Many thanks!
    Had this experience on a mac. Worked without having to reload the agent.

  18. Avatar for Mohammad Rahchamani Mohammad Rahchamani said:

    After 6 years, this is still valid. Thank you.

  19. Avatar for mibh mibh said:

    tyvm!

  20. Avatar for Marcin Winkler Marcin Winkler said:

    Finally!!! Simple, short and working solution. Thank you.

  21. Avatar for J. Cunningham J. Cunningham said:

    FYI - still fixes the problem in June, 2024 with GnuPG 2.2.27 on Ubuntu 22.04.4 LTS