How to do pinentry in same screen as gpg

Dan Mahoney, System Admin danm at prime.gushi.org
Fri Jan 3 14:31:44 CET 2014


On Fri, 3 Jan 2014, Hauke Laging wrote:

> On Fri 03.01.2014, 01:14:22, Dan Mahoney, System Admin wrote:
>
>> It basically works perfectly with gpg1, where I can get an inline
>> prompt for a password, but gpg2 falls short where it tries to set up
>> some kind of a unix-socket connection to a pinentry dialog, and this
>> all falls apart within the simple exec() alpine is doing to launch
>> the filter.  GPG hangs up and I wind up needing to kill the whole
>> window.
>
> Do you start gpg-agent before gpg2? I would expect the behaviour to be
> the same as gpg if gpg-agent is not running.

No, the agent "is required", per the manpage.  If GPG doesn't find an 
agent, it starts one:

I just fired up a gpg --gen-key on my system where 2.x is installed.

danm     74860  0.0  0.1 13728  2120  ??  Ss    1:18PM   0:00.02 gpg-agent --daemon --use-standard-socket
danm     74853  0.0  0.1 17408  3136   3  I+    1:18PM   0:00.02 gpg --gen-key (gpg2)
danm     74861  0.0  0.0  9264  1972  ??  I     1:18PM   0:00.01 pinentry (pinentry-curses)

It leaves this agent running after you exit GPG, which feels sloppy -- ssh 
doesn't leave ssh-agent running after I connect, if I use it at all.

>> It might also be nice if I could basically start a pinentry program in
>> a dedicated window,
>
> You can write a wrapper around pinentry. This wrapper could start
> pinentry in a different console. See:
>
> http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047168.html
> http://lists.gnupg.org/pipermail/gnupg-users/2013-December/048362.html
>
> I assume this is much more a screen problem. Some time ago I tried to
> create a pipeline between two processes running in different screen
> windows. I didn't manage to do that. But maybe there are tricks unknown
> to me. Maybe that can be done with redirecting stdin and stdout to a
> socket with socat or something like that.

I seem to recall that I was able to do it by messing heavily with 
environment variables.  As I want to get back into playing with 
smartcards, the agent becomes more necessary.  (Or keeping v1 and v2 
installed in parallel, which seems nonoptimal).

Hauke, in your posts, you mention that the pinentry protocol isn't on the 
GPG website.  Could that please be fixed by the people who maintain the 
project?  I notice it is also missing from 
http://www.gnupg.org/documentation/manuals/

If I come up with a good method for doing so, I'll post a howto/blog here.

I do wonder how difficult it would be to write a pinentry-getline which 
doesn't try to do any fancy display tricks -- I just want enough magic to 
turn echoing off. (I think the ncurses are part of what messes alpine up). 
I may try this as well.

Thanks all,

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
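
A curses-free pinentry of the kind discussed in this message, given as an added example that is not part of the original post or of GnuPG: it answers gpg-agent's Assuan commands on stdin/stdout and prompts on the tty the agent names, changing only the echo flags. The names `serve` and `ask_on_tty`, and the choice to reject every command other than OPTION, SET*, GETPIN and BYE, are assumptions of this example.

```python
import io, os, sys, termios
from urllib.parse import unquote

CANCELED, UNKNOWN_CMD = (5 << 24) | 99, (5 << 24) | 275  # libgpg-error: source 5 = pinentry

def ask_on_tty(state):
    """Prompt on the tty gpg-agent named, echo off; None means cancelled."""
    fd = os.open(state.get("ttyname") or "/dev/tty", os.O_RDWR | os.O_NOCTTY)
    tty = io.TextIOWrapper(io.FileIO(fd, "w+"))
    old = termios.tcgetattr(fd)
    quiet = old[:3] + [(old[3] & ~termios.ECHO) | termios.ECHONL] + old[4:]
    try:
        termios.tcsetattr(fd, termios.TCSAFLUSH, quiet)
        tty.write("%s\n%s " % (state.get("desc", ""), state.get("prompt", "PIN:")))
        tty.flush()
        line = tty.readline()
    finally:
        termios.tcsetattr(fd, termios.TCSAFLUSH, old)
        tty.close()
    return line.rstrip("\n") if line else None  # EOF (Ctrl-D) cancels

def serve(inp, out, ask=ask_on_tty):
    """Answer one Assuan session from gpg-agent on inp/out (hypothetical helper)."""
    def send(line):
        print(line, file=out, flush=True)
    state = {}
    send("OK Pleased to meet you")
    for raw in inp:
        cmd, _, arg = raw.rstrip("\r\n").partition(" ")
        if cmd == "OPTION":                  # e.g. OPTION ttyname=/dev/pts/3
            key, _, value = arg.partition("=")
            state[key] = value
            send("OK")
        elif cmd.startswith("SET"):          # SETDESC, SETPROMPT, SETTITLE, ...
            state[cmd[3:].lower()] = unquote(arg)
            send("OK")
        elif cmd == "GETPIN":
            pin = ask(state)
            if pin is None:
                send("ERR %d Operation cancelled <Pinentry>" % CANCELED)
            else:                            # %, CR and LF are percent-escaped in a D line
                send("D %s\nOK" % pin.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A"))
        elif cmd == "BYE":
            send("OK closing connection")
            break
        else:                                # GETINFO, CONFIRM, MESSAGE: not supported here
            send("ERR %d Unknown IPC command <Pinentry>" % UNKNOWN_CMD)

if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

gpg-agent is pointed at a program like this with the `pinentry-program` option in gpg-agent.conf. Unlike the stock pinentry programs, it holds the passphrase in ordinary Python strings rather than locked memory.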



