published under license CC4-BY
posted in category Systems Software / GPG
posted at 14. Aug '25
Howto Fix DBG Ignoring GPG Agent Inquiry CONFIRM 1 and Key Not Detected
Today I noticed that when I wanted to sign a commit in Git with my YubiKey, it didn't work. Again; see https://myrtana.sk/articles/howto-fix-yubikey-gpg-signing-failed.
First I saw this obscure message.
$ /usr/bin/gpg --status-fd=2 -bsau 123456
[GNUPG:] KEY_CONSIDERED 123456567564 2
[GNUPG:] BEGIN_SIGNING H10
fdsfa
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
gpg: DBG: ignoring gpg-agent inquiry 'CONFIRM 1'
I had to comment out pinentry-mode loopback in ~/.gnupg/gpg.conf; in general I updated config to the latest https://github.com/drduh/config/blob/main/gpg.conf.
$ /usr/bin/gpg --status-fd=2 -bsau 123456
[GNUPG:] KEY_CONSIDERED 123456567564 2
[GNUPG:] BEGIN_SIGNING H10
fssfsdfs
[GNUPG:] PINENTRY_LAUNCHED 961992 tty 1.3.1 /dev/pts/2 xterm-256color :1 20600/1000/5 1000/1000 -
Please insert the card with serial number:
15 423 465
OK
Cancel
[oc]?
gpg: signal Interrupt caught ... exiting
Man, these cryptic error messages from gpg are always "fun" to debug.
And now YubiKey isn't detected, because scdaemon is not installed. Yeah, the error message is weird too:
$ GIT_TRACE=1 git commit -m 'generate gem'
22:27:51.125449 git.c:476 trace: built-in: git commit -m 'generate gem'
22:27:51.126145 run-command.c:673 trace: run_command: gpg --status-fd=2 -bsau 123456
22:27:51.126160 run-command.c:765 trace: start_command: /usr/bin/gpg --status-fd=2 -bsau 123456
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 123456567564 2
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 962996 tty 1.3.1 - xterm-256color :1 - 1000/1000 -
gpg: podpisovanie zlyhalo: Not confirmed
[GNUPG:] FAILURE sign 83886194
gpg: signing failed: Not confirmed
fatal: failed to write commit object
and directly:
$ /usr/bin/gpg --status-fd=2 -bsau 123456
[GNUPG:] KEY_CONSIDERED 123456567564 2
[GNUPG:] BEGIN_SIGNING H10
hhdfghfd
[GNUPG:] PINENTRY_LAUNCHED 963006 tty 1.3.1 /dev/pts/7 xterm-256color :1 20600/1000/5 1000/1000 -
Please insert the card with serial number:
15 423 465
OK
Cancel
[oc]? o
$ gpg --card-status
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: OpenPGP card not available: No SmartCard daemon
So I installed scdaemon:
apt-get install scdaemon
And now it still cannot detect the device:
$ gpg --card-status
gpg: selecting card failed: Také zariadenie neexistuje
gpg: OpenPGP card not available: Také zariadenie neexistuje
So I added disable-ccid to ~/.gnupg/scdaemon.conf:
reader-port Yubico Yubi
disable-ccid
Then killed it:
$ ps aux | grep scda
damon 967527 0.0 0.0 164600 3856 ? SLl 22:40 0:00 scdaemon --multi-server
damon 969552 0.0 0.0 6552 2088 pts/7 S+ 22:45 0:00 grep scda
$ kill 967527
$ gpgconf --kill gpg-agent
$ gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Now it works again.
$ GIT_TRACE=1 git commit -m 'generate gem'
22:48:24.873853 git.c:476 trace: built-in: git commit -m 'generate gem'
22:48:24.874680 run-command.c:673 trace: run_command: gpg --status-fd=2 -bsau 123456
22:48:24.874698 run-command.c:765 trace: start_command: /usr/bin/gpg --status-fd=2 -bsau 123456
22:48:32.093063 run-command.c:673 trace: run_command: git maintenance run --auto --no-quiet --detach
22:48:32.093075 run-command.c:765 trace: start_command: /usr/lib/git-core/git maintenance run --auto --no-quiet --detach
22:48:32.094450 git.c:476 trace: built-in: git maintenance run --auto --no-quiet --detach
[master (root-commit) dfb4757] generate gem
18 files changed, 378 insertions(+)
And that's all.
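The checks from this walkthrough as a small triage script, added here as an example and not part of the original post: it looks for the two config conditions described above and decodes the number on the [GNUPG:] FAILURE status line, which stays the same when gpg's text messages are localized. The function names are illustrative assumptions and the sample config directory is constructed.

```shell
#!/bin/sh
# Added example: triage helpers for the failures in this post.
# All function names are illustrative; they are not GnuPG commands.

# Succeeds if FILE ($1) has an uncommented line matching the option regex ($2).
has_active_option() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Prints one finding per line for a GnuPG home directory ($1).
diagnose_gnupg_home() {
    if has_active_option "$1/gpg.conf" 'pinentry-mode[[:space:]]+loopback'; then
        echo "gpg.conf: pinentry-mode loopback is active"
    fi
    if ! has_active_option "$1/scdaemon.conf" 'disable-ccid'; then
        echo "scdaemon.conf: disable-ccid is not set"
    fi
}

# Reads gpg --status-fd output on stdin and splits the number on the
# FAILURE line into libgpg-error's source (bits 24-30) and code (low 16 bits).
decode_failure() {
    awk '$1 == "[GNUPG:]" && $2 == "FAILURE" {
        n = $4; src = int(n / 16777216) % 128; code = n % 65536
        print "op=" $3 " source=" src " code=" code; exit }'
}

# Constructed sample: the config state the post started from.
demo=$(mktemp -d)
printf '%s\n' 'pinentry-mode loopback' > "$demo/gpg.conf"
printf '%s\n' 'reader-port Yubico Yubi' > "$demo/scdaemon.conf"
diagnose_gnupg_home "$demo"

# Status line copied from the git error shown in the post.
# In libgpg-error, source 5 is Pinentry and code 114 is "Not confirmed".
printf '%s\n' '[GNUPG:] FAILURE sign 83886194' | decode_failure
rm -rf "$demo"
```

To check a real setup, call diagnose_gnupg_home ~/.gnupg and pipe the output captured from a failed signing attempt into decode_failure.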