Using gpg2 without pinentry?

Doug Barton dougb at dougbarton.us
Sat Jul 3 05:33:14 CEST 2010


On 06/28/10 15:35, Nicholas Cole wrote:
> On Mon, Jun 28, 2010 at 8:35 PM, Doug Barton <dougb at dougbarton.us> wrote:
>> On Mon, 28 Jun 2010, Nicholas Cole wrote:
>>
>>> On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
>>> <danm at prime.gushi.org> wrote:
>>>
>>>> Is there some reasonable way that gpg can detect that it has a
>>>> controlling
>>>> termainal (or even, a config file option) and just ask me for my
>>>> passphrase
>>>> on stdin?
>>>
>>> Can you start gpg-agent separately - ie. before the passphrase is
>>> needed.  If so, you should be fine, I think, if I have understood your
>>> problem correctly.
>>
>> That's not the issue. To simplify the problem somewhat, I'm on a windows
>> box. I ssh to my Unix system at home. My .bashrc sets up gpg-agent for me.
>> Now I want to sign something. The usual answer here is "pinentry-curses to
>> the rescue." But let's assume that pinentry-curses is not an option. Now how
>> do I enter my passphrase?
> 
> 
> Do none of the gpg-agent options such as:
> 
> 
>        --xauthority string
> 
>        --keep-tty
> 
>        --keep-display
> 
> help in this kind of case?

It's not clear to me how any of these options would help, but thank you
for suggesting them.

To describe the problem more precisely, I'm running a command line mail
program (Alpine). That program has a feature that allows you to send the
incoming or outgoing mail to what's called a filter which is really a
separate program that does something to what it's passed and then
returns the result to Alpine. The specific filters in question are shell
scripts that I've written to integrate PGP with Alpine, and the specific
scripts that sometimes need a passphrase are the signing and
en/decryption scripts. The filter feature allows the invoked program to
be interactive so with gnupg 1.x there is no problem getting the
passphrase. When I'm running Alpine within the same X environment as
gpg-agent, gpg2 dutifully spawns the qt pinentry dialog and once it gets
its response gpg2 chugs merrily along and all is well.

The problem occurs when using gpg2 in an environment where spawning a
separate pinentry dialog doesn't work. In the situation I'm describing:

User runs Alpine,
	which spawns the internal filter subprocess,
		which spawns my script,
			which spawns gpg2,
				which attempts to spawn pinentry

What's needed for this case is a way to tell gpg2 "emulate gpg 1.x
behavior and prompt for the password in line." I haven't looked at the
internals in detail so I have no idea how difficult this would be. The
way that I "solve" this problem right now is that I tell my users not to
use gnupg 2.x in this situation. However I'm not sure that's going to
scale.


Doug

-- 

	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/




More information about the Gnupg-users mailing list