7. RE: how to disable pinentry (Smith, Cathy)
Rob Fries
Rob.Fries at ascensus.com
Wed Feb 25 21:26:37 CET 2015
Hey Cathy,
You need gpg-agent running with this setup.
Per the error message, it can not connect to a running gpg-agent to enter the passphrase.
Your gpg-agent.conf also needs to be with your other gpg configs under .gnupg.
-Rob
-----Original Message-----
From: Smith, Cathy [mailto:Cathy.Smith at pnnl.gov]
Sent: Wednesday, February 25, 2015 3:21 PM
To: Rob Fries; 'gnupg-users at gnupg.org'
Subject: RE: 7. RE: how to disable pinentry (Smith, Cathy)
Rob
Thanks. I got an error when trying to do this. I created the gpg-agent.conf file in my home directory and added the directive:
[cathy at foo ~]$ cat gpg-agent.conf
allow-preset-passphrase
[cathy at foo ~]$
[cathy at foo ~]$ /usr/libexec/gpg-preset-passphrase -cP"cry123" "4611 E023 7B7A 31FE 1388 0FAC 491E FBE6 302B 7D2D"
gpg-preset-passphrase: can't connect to `/home/cathy/.gnupg/S.gpg-agent': No such file or directory
gpg-preset-passphrase: caching passphrase failed: Input/output error
Cathy
---
Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy
Phone: 509.375.2687
Fax: 509.375.2330
Email: cathy.smith at pnnl.gov
-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Rob Fries
Sent: Wednesday, February 25, 2015 9:14 AM
To: 'gnupg-users at gnupg.org'
Subject: 7. RE: how to disable pinentry (Smith, Cathy)
Hi Cathy,
We use /usr/libexec/gpg-preset-passphrase to set our passphrase.
/usr/libexec/gpg-preset-passphrase -cP "$passphrase" $keygrip
You would need to add this to your .gpg-agent.conf:
allow-preset-passphrase
you will need to get the KEYGRIP. The easiest way I found is:
gpg2 --fingerprint --fingerprint --list-secret-keys | grep "fingerprint" | cut -d= -f2 | tr -d ' '
make sure you get the correct one for the correct key( note the above command shows double the number of keygrips for what you need.. ).
and you may want to adjust your max-cache-ttl gpg-agent.conf too. If you want to forget a passphrase before the ttl is up, you can use gpg-preset-passphrase to forget it.
Rel6 does provide a pinentry-curses program:
/usr/bin/pinentry-curses
Hope that helps!
Message: 7
Date: Wed, 25 Feb 2015 16:51:23 +0000
From: "Smith, Cathy" <Cathy.Smith at pnnl.gov>
To: Damien Goutte-Gattat <dgouttegattat at incenp.org>,
"gnupg-users at gnupg.org" <gnupg-users at gnupg.org>
Subject: RE: how to disable pinentry
Message-ID:
<270838A78E5A5342BB9669898FB4CF2011CF30F6 at EX10MBOX01.pnnl.gov>
Content-Type: text/plain; charset="iso-8859-1"
Damien
Adding this line didn't work:
pinentry-program /usr/bin/pinentry-tty
The message was invalid option
gpg: /home/foo/.gunpg/gpg.conf:242: invalid option
The CentOS6 and RHEL6 distributions don't provide a /usr/bin/pinentry-tty.
One of my goals of this is to be able to set a passphrase on a key in batch processing. Perhaps, there is another way to accomplish that?
Thank you
Cathy
---
Cathy L. Smith
IT Engineer
Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy
Phone:????? 509.375.2687
Fax:??? ????509.375.2330
Email:????? cathy.smith at pnnl.gov
CONFIDENTIALITY NOTICE: This message, including attachments, is intended to be viewed only by the addressee. It may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. No confidentiality or privilege is lost by any transmission error. This message may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose except as permitted by law. Any dissemination, distribution or copying of this message is strictly prohibited without our prior written permission. If you are not an intended recipient, or if you have received this message in error, please notify us immediately by return e-mail and permanently remove the original message and any copies from your computer and all back-up systems.
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
CONFIDENTIALITY NOTICE: This message, including attachments, is intended to be viewed only by the addressee. It may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. No confidentiality or privilege is lost by any transmission error. This message may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose except as permitted by law. Any dissemination, distribution or copying of this message is strictly prohibited without our prior written permission. If you are not an intended recipient, or if you have received this message in error, please notify us immediately by return e-mail and permanently remove the original message and any copies from your computer and all back-up systems.
More information about the Gnupg-users
mailing list