Package: epa.el Tags: patch Repro Case: # prepare a public-key-encrypted file test.gpg in cwd # make pinentry executable non-executable sudo chmod a-x /usr/bin/pinentry emacs -Q C-x C-f test.gpg RET => Wrong passphrase: No secret key Where Emacs 27 would report in a separate *Error* buffer: ---------------------------------------- Error while decrypting with "/usr/bin/gpg": gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03 "test-key" gpg: public key decryption failed: No pinentry gpg: decryption failed: No secret key ---------------------------------------- The root cause is in function `epa--wrong-password-p', defined as follows: ---------------------------------------- (defun epa--wrong-password-p (context) (let ((error-string (epg-context-error-output context))) (and (string-match "decryption failed: \\(Bad session key\\|No secret key\\)" error-string) (match-string 1 error-string)))) ---------------------------------------- It should not search for "No secret key" but rather for "Bad passphrase". "No secret key" just means that there is no secret key available to decrypt the file, "Bad passphrase" means that no secret keys can be used because of a wrong passphrase. I collected a couple of non-bad-passphrase error messages from GnuPG decryption failures, all done with: [emacs-29]$ gpg --version gpg (GnuPG) 2.2.27 libgcrypt 1.8.8 ---------------------------------------- # public key, chmod a-x /usr/bin/pinentry gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03 "test-key" gpg: public key decryption failed: No pinentry gpg: decryption failed: No secret key # symmetric, chmod a-x /usr/bin/pinentry gpg: AES256.CFB encrypted data gpg: problem with the agent: No pinentry gpg: encrypted with 1 passphrase gpg: decryption failed: No secret key # public key, 0744 empty GnuPG home directory gpg: WARNING: unsafe permissions on homedir '/home/jschmidt/work/emacs-29/xxx' gpg: encrypted with RSA key, ID D0EB77D91C0802D6 gpg: decryption failed: No secret key # public key, 0400 empty GnuPG home directory gpg: failed to create temporary file '/home/jschmidt/work/emacs-29/xxx/.#lk0x00005571263a1230.sappc2.4974': Permission denied gpg: keyblock resource '/home/jschmidt/work/emacs-29/xxx/pubring.kbx': Permission denied gpg: encrypted with RSA key, ID D0EB77D91C0802D6 gpg: decryption failed: No secret key # public key, 0700 empty GnuPG home directory gpg: encrypted with RSA key, ID D0EB77D91C0802D6 gpg: decryption failed: No secret key ---------------------------------------- And here the real bad-passphrase messages: ---------------------------------------- # symmetric, bad passphrase entered gpg: AES256.CFB encrypted data gpg: encrypted with 1 passphrase gpg: decryption failed: Bad session key # public key, bad passphrase entered gpg: encrypted with 3072-bit RSA key, ID D0EB77D91C0802D6, created 2022-12-03 "test-key" gpg: public key decryption failed: Bad passphrase gpg: decryption failed: No secret key ---------------------------------------- Patch attached.