Using pinentry-curses interactively in Linux boot process fails

Malte Gell malte.gell at gmx.de
Fri Jul 23 00:13:24 CEST 2010


Hi there!

I have the following setup: a Linux LUKS-encrypted partition. It is encrypted 
with a keyfile, the keyfile itself is GnuPG encrypted and stored in /root.

Now I have a smartcard reader and an OpenPGP card, so I want to decrypt the 
keyfile, enter the card's PIN and that's it. I wrote a little init script. 
Actually, this works *after* booting. But, when using it in real world 
booting, it does not work.

gpg-agent is started correctly, but I see no pinentry-curses mask. What could 
be wrong?

These are the commands I use in my init script:

export GNUPGHOME=/root/.gnupg

gpg-agent --daemon --sh --use-standard-socket --pinentry-program /usr/bin/pinentry-curses

gpg -d /root/Administrativa/BOOT-SCHLUESSEL-LUKS/luks-key-home-malte.bin.gpg | cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD3200BEVT-22ZCT0_WD-WXJ0A99M9523-part6 --key-file=- cr_sda6
(this is one long line of course)

mount -o acl,user_xattr /dev/mapper/cr_sda6 /home

When I use these commands after booting, they do what I want them to do. 
pinentry-curses asks for my PIN, I enter it and everything is fine. But when I 
use exactly these commands in my script, I simply get no pinentry-curses 
appearing on the screen...

I use GnuPG 2.0.12.

Thanx
Malte
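
gpg takes the terminal for a curses pinentry from GPG_TTY, which the gpg-agent manual says to set from `tty`. The following is an added example, not part of the original post and not a confirmed diagnosis of it: a preflight check an init script could run before calling gpg. The function name `check_pinentry_tty`, its return codes and the `/dev/console` path in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_pinentry_tty and its
# return codes are names chosen for this sketch.
#
# Usage: check_pinentry_tty [TTY_PATH]
#   0  terminal usable, GPG_TTY exported
#   1  no candidate: no argument, GPG_TTY unset, stdin is not a tty
#   2  candidate cannot be opened or is not a terminal
check_pinentry_tty() {
    candidate=${1:-${GPG_TTY:-}}
    if [ -z "$candidate" ]; then
        # `tty` prints "not a tty" and fails when stdin is no terminal,
        # as can happen for a script started by init.
        candidate=$(tty 2>/dev/null) || candidate=
    fi
    if [ -z "$candidate" ]; then
        echo "pinentry preflight: no terminal (stdin is not a tty, GPG_TTY unset)" >&2
        return 1
    fi
    # Open the device and ask whether it really is a terminal; this
    # rejects missing paths and non-tty devices such as /dev/null.
    if ! { [ -t 0 ] <"$candidate"; } 2>/dev/null; then
        echo "pinentry preflight: $candidate is not a usable terminal" >&2
        return 2
    fi
    GPG_TTY=$candidate
    export GPG_TTY
    return 0
}

# In an init script, before the gpg -d ... | cryptsetup pipeline:
#   check_pinentry_tty /dev/console || exit 1
# /dev/console is an assumption; the right device depends on the system.
```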