gpg: cancelled by user

As to the "cancelled by user" error: GnuPG tries to make sure it's reading the passphrase directly from the terminal, not (e.g.) piped from stdin. To do so, it tries to open the tty directly. Unfortunately, file permissions get in the way — the tty device is owned by the user you log in as. So only that user and root can open it. GnuPG appears to report the error incorrectly, saying you canceled (when in fact it got a permission denied).

As to if you should have a separate key for the repository: yes. There are a couple of reasons that come to mind:

  • A repository can be maintained by more than one person. All of them will need access to the key. You obviously don't want to give them access to your personal key.
  • The software processing new packages will need access to the key. For many repositories, that means you have to keep the key available on an Internet-connected machine. This necessitates a lower level of security than you'd ideally have on your personal key.
  • If you're processing uploads automatically, you may even need to store the key with no passphrase. This obviously lowers security.
  • In case of compromise of your personal key, it's nice to only have to revoke that. Same with compromise of the repository key. It makes revoking a compromised key cheaper.

It's pretty normal to use your personal key to sign the repository key.

As to running key generation as root: not ideal (don't run things as root without good reason), but likely not really an issue.
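Added illustration, not part of either answer on this page: the script below performs the same check GnuPG does when it tries to read a passphrase, namely opening the controlling tty device directly, and reports whether that open would succeed for the current user. The function names (`current_tty`, `tty_access`, `device_owner`, `explain_tty`) are this example's own; the only GnuPG behaviour it relies on is the one the answer above describes.

```sh
#!/bin/sh
# Added diagnostic, not from the answers above: it reproduces the check
# GnuPG performs (opening the controlling tty directly) so the misleading
# "cancelled by user" message can be traced back to a permission problem.

# Print the controlling tty device path, or "none" when there is none
# (e.g. when run from cron or with stdin redirected from a file).
current_tty() {
    t=$(tty 2>/dev/null) || t=none
    printf '%s\n' "$t"
}

# Try to open the device at $1 read/write, which is what a passphrase prompt
# needs. Exit status: 0 = openable, 1 = permission denied or missing device,
# 2 = no controlling terminal at all.
tty_access() {
    dev=$1
    [ "$dev" = none ] && return 2
    # The subshell opens the device with <> and runs ":" so nothing is read;
    # a failure here is the open() failure that gpg reports as "cancelled".
    if ( : <>"$dev" ) 2>/dev/null; then
        return 0
    fi
    return 1
}

# Owner of a device file; ls is used so this works on GNU and BSD systems.
device_owner() {
    ls -ld "$1" 2>/dev/null | awk '{print $3}'
}

# Map the open() result onto what gpg will actually say.
explain_tty() {
    dev=$(current_tty)
    rc=0
    tty_access "$dev" || rc=$?
    case $rc in
        0) echo "ok: $dev is openable by $(id -un); gpg can prompt on this terminal" ;;
        1) owner=$(device_owner "$dev")
           echo "denied: $dev is owned by ${owner:-unknown}, current user is $(id -un); expect 'gpg: cancelled by user'" ;;
        2) echo "no controlling terminal; gpg has nowhere to prompt" ;;
    esac
}

explain_tty
```

Run it as the same user that just saw the error (for example inside the `su` or `sudo` session) and it will name the owner of the terminal versus the user gpg is running as. When it reports "denied", the choices are to run gpg as the user who owns the terminal, or to bypass the terminal prompt entirely, which is what the following answer's `--pinentry-mode loopback` does.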


I also have this error after multiple ssh -Y to a host.

I managed to get a prompt for the passphrase by adding the --pinentry-mode loopback option.