KMyMoney: I can't open gpg-encrypted file

If I create a new kmy file and save it with GPG encryption, I can’t subsequently open it with KMM.

I’m on a new Arch installation with KMM 5.1.3


  1. use gpg --gen-key to generate public/private key pair
  2. configure KMM to use GPG-Encrypted XML file storage
  3. Create new file and save it, selecting the GPG key just created
  4. Close KMM and reopen

Message saying “Cannot open file as requested”
Cannot read the file: /home/paul/Test Encrypted.kmy /usr/src/debug/kmymoney/kmymoney-5.1.3/kmymoney/plugins/xml/xmlstorage.cpp:140

I opened the file in Kate and it looks like a GPG ASCII-armored format

Edit 1: I can decrypt the file using gpg --decrypt and the resulting file opens OK in KMM

Do you have the gpg-agent configured? You can check it with e.g. the following command:

user@host /home/user$ grep agent ~/.gnupg/gpg.conf
user@host /home/user$

To check if it is running, one can use e.g.

user@host /home/user$ ps ax | grep gpg-agent

I created ~/.gnupg/gpg.conf:

[paul@macbookpro ~]$ cat ~/.gnupg/gpg.conf 

and rebooted

[paul@macbookpro ~]$ ps ax|grep gpg-agent
   1767 ?        SLsl   0:00 /usr/bin/gpg-agent --supervised
   1873 pts/1    S+     0:00 grep --color=auto gpg-agent

I’m getting some messages in the journal but so far haven’t found what to do about them:

gpg-agent[1749]: failed to unprotect the secret key: Inappropriate ioctl for device
gpg-agent[1749]: failed to read the secret key
gpg-agent[1749]: command 'PKDECRYPT' failed: Inappropriate ioctl for device <Pinentry>

I found two alternative solutions:

  1. Install the gtk2 package which on Arch is an optional dependency of pinentry
  2. Create ~/.gnupg/gpg-agent.conf with the following line:
pinentry-program /usr/bin/pinentry-qt

… and reloading gpg-agent

I would have thought that pinentry should know to use pinentry-qt under a Plasma DE, but apparently not. I wonder if the change to qt6 is the cause.

/usr/bin/pinentry is a shell script so you can take a look what it is doing and why it is not working in your environment as expected.

Thanks @ipwizard, that shows how pinentry decides which password program to call. In my installation, the line which would have called /usr/bin/pinentry-qt (in a separate file sourced by pinentry) is commented out. Looks like an Arch packaging issue