Using pinentry-curses interactively in Linux boot process fails
Malte Gell
malte.gell at gmx.de
Fri Jul 23 00:13:24 CEST 2010
Hi there!
I have the following setup: a Linux LUKS-encrypted partition. It is encrypted
with a keyfile; the keyfile itself is GnuPG-encrypted and stored in /root.
Now I have a smartcard reader and an OpenPGP card, so I want to decrypt the
keyfile, enter the card's PIN and that's it. I wrote a little init script.
Actually, this works *after* booting. But, when using it in real world
booting, it does not work.
gpg-agent is started correctly, but I see no pinentry-curses mask. What could
be wrong?
These are the commands I use in my init script:
export GNUPGHOME=/root/.gnupg
gpg-agent --daemon --sh --use-standard-socket --pinentry-program /usr/bin/pinentry-curses
gpg -d /root/Administrativa/BOOT-SCHLUESSEL-LUKS/luks-key-home-malte.bin.gpg | cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD3200BEVT-22ZCT0_WD-WXJ0A99M9523-part6 --key-file=- cr_sda6
(this is one long line of course)
mount -o acl,user_xattr /dev/mapper/cr_sda6 /home
When I use these commands after booting, they do what I want them to do.
pinentry-curses asks my PIN, I enter it and everything is fine. But when I use
exactly these commands in my script, I simply get no pinentry-curses appearing
on the screen...
I use GnuPG 2.0.12.
Thanx
Malte
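
An added diagnostic, not part of the original post: pinentry-curses needs a terminal to draw on, and gpg tells gpg-agent which one through GPG_TTY, so a boot-time script can log whether one is available before it calls gpg. The function names are hypothetical, and the fallback to the terminal on stdin when GPG_TTY is unset is an assumption of this example.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Pick the terminal pinentry would be pointed at: GPG_TTY if it is set,
# otherwise the terminal on stdin (assumed fallback order).
# Prints nothing when neither is available.
resolve_gpg_tty() {
    if [ -n "${GPG_TTY:-}" ]; then
        printf '%s\n' "$GPG_TTY"
    elif t=$(tty 2>/dev/null); then
        printf '%s\n' "$t"
    fi
}

# Report why a curses pinentry could not draw on TTY_PATH with TERM_VALUE.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
pinentry_tty_problems() {
    tty_path=$1
    term_value=$2
    status=0
    if [ -z "$tty_path" ]; then
        echo "no terminal: GPG_TTY is unset and stdin is not a tty"
        status=1
    elif [ ! -c "$tty_path" ]; then
        echo "$tty_path is not a character device"
        status=1
    elif [ ! -r "$tty_path" ] || [ ! -w "$tty_path" ]; then
        echo "$tty_path is not readable and writable by uid $(id -u)"
        status=1
    fi
    if [ -z "$term_value" ]; then
        echo "TERM is empty: curses has no terminal type to initialise"
        status=1
    fi
    return "$status"
}

# Check the environment this script is actually running in.
preflight() {
    pinentry_tty_problems "$(resolve_gpg_tty)" "${TERM:-}"
}

# Log the result; at boot, stderr normally ends up on the console or in the boot log.
preflight >&2 || echo "pinentry-curses has no usable terminal in this environment" >&2
```

Running the same script once from a login shell and once from the init sequence shows which of the two conditions differs between the environments.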
More information about the Gnupg-users
mailing list