This is a list of problems that people run into frequently.
We use pinentry in situations where we need a password, but there are many
exciting ways for it to break. Here are a couple examples of what that looks
like:
$ keybase login
▶ INFO Forking background server with pid=2409
How would you like to sign this install of Keybase?
(1) Use an existing device
(2) Use a paper key
(3) Use my Keybase passphrase
Choose a signing option: 2
▶ ERROR GETPIN response didn't start with D; got "ERR 83918849 Permission denied <Pinentry>"
$ keybase decrypt -i my_encrypted_message
▶ ERROR GETPIN response didn't start with D; got "ERR 83918950 Inappropriate ioctl for device <Pinentry>"
These errors can be an interaction of several different things:
- What version of
pinentryyou have in yourPATH. Some of them try to create a graphical window but fall back to the terminal. Some do only one of those things. - Interesting terminal gymnastics. Running in screen or tmux can confuse the
curses versions of
pinentry. Depending on where you first started tmux, you might also end up with an invalidDISPLAYenvironment variable. - Curious account permissions. If you log into your desktop as
userfoo, and you run something likesudo -u userbar keybase login, that might preventpinentryfrom creating windows.
One workaround for these problems is to disable pinentry, so that keybase
reads your password as ordinary terminal input. Use the --pinentry flag to do
that:
keybase --pinentry=none login
To make that configuration permanent, you can run:
keybase config set -b pinentry.disabled true