How to do pinentry in same screen as gpg

Dan Mahoney, System Admin danm at prime.gushi.org
Fri Jan 3 10:14:22 CET 2014


All,

I have a script that I use to send mail (as part of pine/alpine) that 
needs to prompt for my key passphrase.

I run alpine on a private unix server, within a screen session.

It basically works perfectly with gpg1, where I can get an inline prompt 
for a password, but gpg2 falls short where it tries to set up some kind of 
a unix-socket connection to a pinentry dialog, and this all falls apart 
within the simple exec() alpine is doing to launch the filter.  GPG hangs 
up and I wind up needing to kill the whole window.

Here's where I've gotten on a possible solution:

I could possibly have every window within my screen session have my 
.cshrc check for a running gpg-agent, and start one if it's not (this 
seems wasteful considering how infrequently I sign).

Along these lines, I'd probably have to have every single screen process 
update the running TTY, so that my most recently-opened screen would 
contain the dialog.  It seems that the pinentry command is invoked behind 
the scenes by the agent, and then directly writes to and reads from the 
tty specified (so it could in theory interfere with whatever else I'm 
running on that screen), for example, if I were doing something while su'd 
to root.

-or-

It would also be nice if pinentry could cause the spawning of a new screen 
window via "screen -X", but as I have a password-protected screen, this 
isn't possible either.

-or-

It might also be nice if I could basically start a pinentry program in a 
dedicated window, and simply choose to use it when needed (similar in 
analog to how I might use a hardware pinpad, or a fingerprint reader).  I 
don't know if this is possible.  I could also start up some "dummy" 
program in a screen where the agent will spawn.

I think that last one is the plan of attack I'll likely pursue.

However, it would be really, really nice if, instead of 
gpg--agent--assuan--pinentry, GPG could just fall back to prompting for a 
password on the same tty where GPG is running.

It would also be nice if GPG had some method of simply saying "hey, I 
can't find a place to spawn this pinentry, and could exit cleanly."

Thoughts are welcome.

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
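
One way to get the behaviour the post asks for (pinentry on the tty of the screen window where gpg runs, and a clean exit when no tty can be found), as an added example that is not part of the original post or of GnuPG itself: a small POSIX sh wrapper that alpine calls in place of gpg2. It assumes GnuPG 2.x with gpg-connect-agent on PATH and pinentry-curses or pinentry-tty configured as pinentry-program in ~/.gnupg/gpg-agent.conf; the script name and the ps-based fallback for finding the tty are my own choices.

```shell
#!/bin/sh
# gpg-same-tty.sh: wrapper for the gpg2 filter that alpine exec()s, so the
# agent's terminal pinentry appears in the same screen window as gpg.
# Added example (hypothetical script, not GnuPG's own). Assumes GnuPG 2.x,
# gpg-connect-agent on PATH, and pinentry-curses or pinentry-tty set as
# pinentry-program in ~/.gnupg/gpg-agent.conf.
# Alpine filter line:  gpg-same-tty.sh --clearsign --armor

# Turn what ps prints (pts/3, ?, ??, -) into a device path for the agent.
normalize_tty() {
    case "$1" in
        ''|'?'|'??'|'-') return 1 ;;
        /dev/*)          printf '%s\n' "$1" ;;
        *)               printf '/dev/%s\n' "$1" ;;
    esac
}

# In a filter, stdin/stdout are pipes, so `tty` reports "not a tty". Prefer
# GPG_TTY exported by the shell rc (setenv GPG_TTY `tty` in .cshrc), then
# fall back to the controlling terminal ps reports for this process.
pinentry_tty() {
    if [ -n "$GPG_TTY" ]; then
        normalize_tty "$GPG_TTY"
        return
    fi
    normalize_tty "$(ps -o tty= -p $$ 2>/dev/null | tr -d ' ')"
}

# Re-point the running agent at this tty. Otherwise an agent started from
# another screen window keeps sending pinentry to that window's tty, the
# cross-window interference the post worries about.
point_agent_at_tty() {
    GPG_TTY=$(pinentry_tty) || return 1
    export GPG_TTY
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
}

# Fail fast instead of hanging when no usable tty or agent is found: the
# "exit cleanly" behaviour the post asks for.
run_gpg() {
    if ! point_agent_at_tty; then
        echo "gpg-same-tty: no tty/agent for pinentry; not running gpg" >&2
        return 2
    fi
    exec gpg2 "$@"
}

# Only act when given gpg arguments, so the functions can also be sourced.
if [ $# -gt 0 ]; then run_gpg "$@"; fi
```

Pointing the agent at the tty before each invocation is what keeps the prompt in the window doing the signing; exporting GPG_TTY per window in .cshrc alone does not update an agent that was started elsewhere.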