Pinentry-mac fails to ask for the pin when called via gpg

I am having the problem that the PIN prompt via pinentry-mac doesn’t work correctly anymore on macOS Catalina.

When I try to decrypt a file via gpg that was encrypted with my Nitrokey, pinentry-mac comes up and asks me to “Please insert the card with serial number” - so the pinentry itself seems to be configured correctly.

But after that, I get an error:

gpg: public key decryption failed: Invalid ID
gpg: (further info: a reason might be a card with replaced keys)
gpg: decryption failed: No secret key

But when I then use ssh, pinentry-mac comes up correctly, asks for my PIN and unlocks the card. After that, I can decrypt the file without problems. So I assume everything is ok with the card and the problem is related to something preventing pinentry-mac from actually asking for the PIN.

I have been using a Nitrokey for 3 years now for gpg and ssh; it worked perfectly in the past and nothing has changed with the key itself. I am using the gpg-suite 2020.2.

Any hints as to what could prevent ‘pinentry-mac’ from showing the PIN prompt? (esp. when used via gpg but not when triggered by ssh)

Found it: Nitrokey Pro won't work unless running card-status/card-edit on macOS
