Troubleshooting
Diagnose and fix common issues with pgpilot.
Getting Help
Section titled “Getting Help”Before trying fixes, collect diagnostic info:
- Open pgpilot, click Diagnostic (sidebar)
- Take a screenshot of the results
- Note any red “Error” entries
- Include this info when reporting bugs
Installation & Startup
Section titled “Installation & Startup””pgpilot: command not found”
Section titled “”pgpilot: command not found””Cause: Binary not in PATH.
Fix:
- If downloaded: move to
/usr/local/bin/:Terminal window sudo mv /path/to/pgpilot /usr/local/bin/pgpilot # should work now - If built from source: add to PATH:
Terminal window export PATH="$PATH:$(pwd)/target/release"
“GPG not found” or “gpg: command not found”
Section titled ““GPG not found” or “gpg: command not found””Cause: GnuPG not installed.
Fix: Install GnuPG:
- Ubuntu/Debian:
sudo apt install gnupg - Fedora/RHEL:
sudo dnf install gnupg - Arch:
sudo pacman -S gnupg - macOS:
brew install gnupg
Then restart pgpilot.
pgpilot window won’t appear on startup
Section titled “pgpilot window won’t appear on startup”Cause: X11/Wayland display issue.
Fix:
- Check display is running:
Terminal window echo $DISPLAY # X11 should show :0 or similarecho $WAYLAND_DISPLAY # Wayland should show wayland-0 or similar - If empty, start a display server or SSH with display forwarding:
Terminal window ssh -X user@server # X11 forward - Try running pgpilot again
Note: Wayland + iced can be finicky; if stuck, try X11 or GNOME/KDE Plasma.
GPG and Keys
Section titled “GPG and Keys””No keys found” / Empty My Keys list
Section titled “”No keys found” / Empty My Keys list”Cause: GnuPG keyring is empty or corrupted.
Fix:
- List keys manually:
Terminal window gpg --list-keys - If empty, create your first key in pgpilot: Create → fill form → Create Key
- If
gpg --list-keysshows keys but pgpilot doesn’t:- Check GNUPGHOME env var:
Terminal window echo $GNUPGHOME # should be empty (uses ~/.gnupg) or set to custom dir - If custom dir set, make sure it exists and contains keys
- Restart pgpilot
- Check GNUPGHOME env var:
”Invalid fingerprint” error during import
Section titled “”Invalid fingerprint” error during import”Cause: File isn’t a valid PGP key or is corrupted.
Fix:
- Verify file is a valid key:
Terminal window gpg --import < /path/to/file.asc - If GnuPG rejects it, the file is invalid
- Ask the sender for a fresh export:
- Have them run:
gpg --export --armor <email> - Send you the output
- Have them run:
”Passphrase required” prompt hangs
Section titled “”Passphrase required” prompt hangs”Cause: pinentry (password UI) is not running or misconfigured.
Fix:
-
Check pinentry is installed:
Terminal window which pinentryIf not found:
- Ubuntu/Debian:
sudo apt install pinentry(orpinentry-gtk2for GUI) - Fedora:
sudo dnf install pinentry - Arch:
sudo pacman -S pinentry
- Ubuntu/Debian:
-
If
pinentryexists but hangs:- Kill stuck processes:
Terminal window pkill -f pinentrypkill -f gpg-agent - Start fresh:
Terminal window gpg-agent --daemonpgpilot
- Kill stuck processes:
-
If using remote SSH, ensure X11/Wayland forwarding:
Terminal window ssh -X user@server # Enable X11 forwarding -
Last resort: use pinentry-tty (terminal-based, no GUI):
Terminal window echo "pinentry-program $(which pinentry-tty)" >> ~/.gnupg/gpg-agent.confpkill gpg-agentpgpilot
“Failed to encrypt” or “Trust level too low”
Section titled ““Failed to encrypt” or “Trust level too low””Cause: Recipient’s key has insufficient trust (Undefined/Marginal).
Fix:
- Verify recipient’s key:
- Select their key in pgpilot
- Check fingerprint (ask them for it in person)
- Click Trust badge → Full
- Try encrypting again
Or override trust for one-off:
- Click Encrypt
- Check untrusted recipient
- Click Encrypt again
- If warning appears, click Continue
YubiKey & Smartcard
Section titled “YubiKey & Smartcard””Card not detected”
Section titled “”Card not detected””Cause: Hardware key not plugged in or scdaemon not running.
Fix:
- Plug in the key (USB-A, USB-C, or NFC)
- Check card status:
Terminal window gpg --card-status - If error, restart scdaemon:
Terminal window pkill scdaemongpg --card-status - If still fails, check:
- USB port works (try different port)
- Permissions:
sudo usermod -a -G dialout $(whoami)(then logout/login)
“Migration failed” or “keytocard rejected”
Section titled ““Migration failed” or “keytocard rejected””Cause: Wrong admin PIN or card full.
Fix:
- Verify card admin PIN:
Terminal window gpg --card-editadmin# Type your admin PIN (default: 12345678) - If PIN wrong, try again
- If card full (3 subkeys max per card):
- Reset card:
Terminal window gpg --card-editadminfactoryresetquit - Then reinitialize and retry
- Reset card:
If migration partially failed, restore from backup:
gpg --import <backup-secret.asc>Import & Export
Section titled “Import & Export””Import failed: Invalid format”
Section titled “”Import failed: Invalid format””Cause: File is not a valid PGP key.
Fix:
- Check file starts with
-----BEGIN PGP:Terminal window head -1 /path/to/file.asc - If not, file is invalid (HTML, text, corrupted)
- Request a fresh export from sender
”Can’t export to file: Permission denied”
Section titled “”Can’t export to file: Permission denied””Cause: Folder not writable.
Fix:
- Check folder permissions:
Terminal window ls -ld ~/Downloads # example - If not writable:
Terminal window chmod u+w ~/Downloads - Or choose different folder in pgpilot
Network & Keyserver
Section titled “Network & Keyserver””Keyserver lookup failed”
Section titled “”Keyserver lookup failed””Cause: Network issue or keyserver down.
Fix:
- Check internet:
Terminal window ping keys.openpgp.org - If no response:
- Check WiFi/ethernet connection
- Try different network
- If ping works, keyserver may be down:
- Wait a few minutes
- Try different keyserver (keyserver.ubuntu.com)
“HTTPS required” for keyserver URL
Section titled ““HTTPS required” for keyserver URL”Cause: HTTP (insecure) URL detected.
Fix:
- pgpilot only allows HTTPS for security
- Change
http://→https:// - Example:
https://keys.openpgp.org/instead ofhttp://...
File Operations
Section titled “File Operations””File already exists — can’t save”
Section titled “”File already exists — can’t save””Cause: pgpilot won’t overwrite without your consent.
Fix:
- pgpilot automatically adds counter suffix:
file_1.gpg,file_2.gpg, etc. - Or delete the old file manually before re-encrypting
”Decrypt failed: No secret key”
Section titled “”Decrypt failed: No secret key””Cause: File was encrypted for someone else.
Fix:
- Verify who encrypted it:
Terminal window gpg --list-keys | grep -i <sender-email> - If you don’t have the sender’s key, you can’t decrypt
- Ask sender to decrypt and share unencrypted (or re-encrypt for you)
“Signature verification: Unknown key”
Section titled ““Signature verification: Unknown key””Cause: Signer’s key not in your keyring.
Fix:
- Get the signer’s fingerprint (from email, GitHub, website)
- In pgpilot: Import → Keyserver → enter fingerprint
- Re-verify the signature
Performance & Stability
Section titled “Performance & Stability””pgpilot is slow” or “freezes”
Section titled “”pgpilot is slow” or “freezes””Cause: Large keyring or slow system.
Fix:
- Reduce keys (delete unused keys)
- Reduce keyserver status checks (disable auto-refresh if enabled)
- Close other applications to free RAM
- Restart pgpilot
”pgpilot crashes on startup”
Section titled “”pgpilot crashes on startup””Cause: Corrupted config or keyring.
Fix:
- Reset config:
Terminal window rm ~/.config/pgpilot/config.yamlpgpilot - If still crashes, check keyring:
Terminal window gpg --list-keys # does this work? - If keyring broken, restore from backup or contact support
More Help
Section titled “More Help”- See FAQ for general questions
- See Security for threat models
- Report bugs: https://github.com/gfriloux/pgpilot/issues