Linux Format

keygen, pinentry, su, sudo and tty


GnuPG uses a gpg-agent daemon to manage keys for gpg and this uses a pinentry helper tool whenever it requires interactive passphrase input. For this to work properly, your shell’s tty device must be owned by you (eg, for Alice, stat -c %U $(tty) must be alice). This won’t be the case if you used sudo or su, and this may cause problems with tasks such as key generation that require access to secret keys; you might see an error like this:

gpg: agent_genkey failed: Permission denied

If this happens to you, try this little trick that takes advantage of the script command to do the key generation in a tty that you own:

$ script -q -c "gpg ..." /dev/null

where the command you wish to use, plus all of its arguments, are contained within the quotation marks. Alternatively, you can use gpg --pinentry-mode loopback to use a command-line passphrase prompt instead of the pinentry dialogue. Or, before the sudo or su:

$ sudo chown alice $(tty)

You may also need to perform export GPG_TTY=$(tty).
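
The ownership check and the loopback fallback described above can be combined into one wrapper. This is an added example, not code from the original article; the function names tty_owner, tty_status and gpg_on_own_tty are hypothetical, and it assumes GNU stat and a gpg that supports --pinentry-mode.

```shell
#!/bin/sh
# Added example: check tty ownership before gpg needs a passphrase prompt.
# Function names are hypothetical; assumes GNU stat (-c %U) as in the text.

# Print the owning user name of a device node or file.
tty_owner() {
    stat -c %U "$1" 2>/dev/null
}

# Classify a tty path for a user.
# Prints "ok", "foreign:<owner>" or "notty".
tty_status() {
    dev=$1
    user=$2
    [ -n "$dev" ] && [ -e "$dev" ] || { echo notty; return 0; }
    owner=$(tty_owner "$dev") || { echo notty; return 0; }
    if [ "$owner" = "$user" ]; then
        echo ok
    else
        echo "foreign:$owner"
    fi
}

# Run gpg with the approach that suits the current terminal.
# Usage: gpg_on_own_tty --full-generate-key
gpg_on_own_tty() {
    # tty prints "not a tty" and fails when stdin is not a terminal.
    dev=$(tty 2>/dev/null) || dev=
    case $(tty_status "$dev" "$(id -un)") in
        ok)
            # We own the tty: tell gpg-agent where pinentry should prompt.
            GPG_TTY=$dev
            export GPG_TTY
            gpg "$@" ;;
        foreign:*)
            # Typical after su or sudo: pinentry cannot open the tty,
            # so fall back to gpg's own command-line prompt.
            gpg --pinentry-mode loopback "$@" ;;
        notty)
            echo "no terminal available for a passphrase prompt" >&2
            return 1 ;;
    esac
}
```
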
