Unable to $ echo test | gpg --clearsign locally or through X11 Forwarding

My goal is to make a commit through an NVIDIA Jetson Nano B01. The problem is that gpg gives an error. I have tried running the command locally or through X11 forwarding; the error is the same.

echo test | gpg --clear-sign
gpg: setting pinentry mode 'loopback' failed: Forbidden
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

For reproduction purposes, what was your original “gpg --gen-key ...” key size, and did you require a passphrase? Also, if you log in directly, does this fail or succeed?

$ gpg --full-generate-key. I chose RSA and RSA with key size 4096. I required a passphrase. I can log in directly through ssh or using a monitor.

Then, I do ssh with RemoteForward.

Host 01.local
  User 01
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  RemoteForward /run/user/1000/gnupg/S.gpg-agent /Users/jason/.gnupg/S.gpg-agent.extra
  StreamLocalBindUnlink yes

I also tested it locally (without ssh) and ran echo test | gpg --clearsign. The problem did not change.

Ah… the forwarded gpg agent is root. The current solution is to use $ echo test | sudo gpg --clearsign or $ sudo git commit -m "message". Should I do $ chown -R 01:01 ~/.gnupg?

I should not do that. After $ chown -R 01:01 ~/.gnupg, $ gpg --list-secret-keys does not show the secret key.

$ ls -a -l ~/.gnupg

total 48
drwx------  4 01 01 4096 Feb 28 10:22 .
drwxr-xr-x 29 01 01 4096 Feb 28 10:33 ..
srwx------  1 root      root         0 Feb 28 10:21 S.gpg-agent
srwx------  1 root      root         0 Feb 28 10:21 S.gpg-agent.browser
srwx------  1 root      root         0 Feb 28 10:21 S.gpg-agent.extra
srwx------  1 root      root         0 Feb 28 10:21 S.gpg-agent.ssh
-rw-------  1 01 01   68 Feb 28 01:19 gpg-agent.conf
-rw-------  1 01 01   33 Feb 28 01:09 gpg.conf
drwx------  2 root      root      4096 Feb 28 10:21 openpgp-revocs.d
drwx------  2 01 01 4096 Feb 28 10:21 private-keys-v1.d
-rw-------  1 01 01 2320 Feb 28 00:34 publickey
-rw-r--r--  1 root      root      5056 Feb 28 10:21 pubring.kbx
-rw-------  1 01 01 2542 Feb 28 00:34 pubring.kbx~
-rw-------  1 01 01  600 Feb 27 23:53 random_seed
-rw-------  1 01 01 1280 Feb 28 10:22 trustdb.gpg

I have not tried to work with that since it sounds like it is solved, but I’m not positive. Can you confirm if you do or do not need someone else to try this and get around the sudo issue?

No, it’s not resolved. I can create my own GPG key locally on the NVIDIA Jetson Nano B01 and sign with it, but I need sudo. However, I can’t sign with the GPG key from my computer. I have imported the public key to the NVIDIA Jetson Nano B01, and can see the key using $ gpg --list-key and $ gpg --list-secret-keys. However, its trust level is unknown, unlike the GPG key that I created locally, whose trust level is ultimate. So I am not sure what’s wrong.

From the above, is it correct that you created that GPG key on the host PC, and then copied to the Jetson? If so, what exact file(s) did you copy?

Yes. I created the GPG key on the host PC and then copied it to the Jetson. It’s the public key. I did gpg --export <your-key> > ~/.gnupg/publickey. Then I sent it to the Jetson device and did gpg --import ~/.gnupg/publickey.

If I use RemoteForward in ~/.ssh/config, when I do gpg --list-secret-keys I can see my secret key, but I can’t sign with it.

Let me start by asking what the “01” is in the above? Normally this is “<user>:<group>”, which in turn is either the name of the user/group, or the numeric ID. “01” does not correspond to anything I know of. If your user name is “ubuntu”, and the group is “ubuntu”, and if the UID and GID are both 1000 (this is the default first admin user), then things would be set something like this (and I’m using a “.” instead of “:” since that is what I’m used to):
sudo chown -R ubuntu.ubuntu ~ubuntu/.gnupg/

If you are actually logged in as user “ubuntu”, then this is equivalent:

cd ~/.gnupg
sudo chown -R ubuntu.ubuntu *

(note that user root has his own directory, but using sudo in the above manner is correct in that context)

On your host PC, what is the result of “id”? On the Jetson, what is the result of “id”? Note that it is ok if you want to substitute a dummy name like “ubuntu” in place of your actual login name. The point is to compare numeric IDs.

Then, what was your exact method of copying the keys and putting them on the Jetson?
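
The `ls -a -l ~/.gnupg` listing in this thread shows root-owned sockets, `pubring.kbx` and `openpgp-revocs.d` inside a user's GnuPG home, plus a world-readable `pubring.kbx`. The following is an added example, not code from any poster in the thread: shell functions that report entries under a GnuPG home that are not owned by the expected uid or that are accessible to group or others. The function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit a GnuPG home directory for wrong owners and loose modes.
# Function names are hypothetical. Usage after sourcing: gnupg_audit ~/.gnupg

# Print every entry under DIR (DIR included) that is not owned by UID.
# UID defaults to the calling user, so run it as the login user, not via sudo.
gnupg_wrong_owner() {
    local dir="$1" uid="${2:-$(id -u)}"
    find "$dir" ! -user "$uid" -print
}

# Print entries that grant any permission bit to group or others.
# Symlinks are skipped because their own mode bits are not meaningful.
gnupg_too_open() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report both findings. Returns 0 when the directory is clean, 1 otherwise.
# Nothing is changed on disk; the chown line is only printed as a suggestion.
gnupg_audit() {
    local dir="${1:-${GNUPGHOME:-$HOME/.gnupg}}" uid="${2:-$(id -u)}"
    local owners modes status=0
    owners=$(gnupg_wrong_owner "$dir" "$uid")
    modes=$(gnupg_too_open "$dir")
    if [ -n "$owners" ]; then
        echo "Not owned by uid $uid:"
        echo "$owners" | sed 's/^/  /'
        echo "Possible repair: sudo chown -R $uid '$dir'"
        status=1
    fi
    if [ -n "$modes" ]; then
        echo "Accessible to group or others:"
        echo "$modes" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $dir is owned by uid $uid and private"
    return "$status"
}
```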
