7. RE: how to disable pinentry (Smith, Cathy)

Smith, Cathy Cathy.Smith at pnnl.gov
Thu Feb 26 02:01:37 CET 2015


Rob 

Apparently gpg-agent doesn't start automatically by default on CentOS6.  I've read some different recommendations for how to configure that.  Do you have any recommendations?

Thanks


Cathy

---
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:      509.375.2687
Fax:        509.375.2330
Email:      cathy.smith at pnnl.gov


-----Original Message-----
From: Smith, Cathy 
Sent: Wednesday, February 25, 2015 3:32 PM
To: 'Rob Fries'; 'gnupg-users at gnupg.org'
Subject: RE: 7. RE: how to disable pinentry (Smith, Cathy)

Rob

I'm not familiar with running gpg-agent.  I've started with the man page.    I don't see a process running.


Cathy

---
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:      509.375.2687
Fax:        509.375.2330
Email:      cathy.smith at pnnl.gov


-----Original Message-----
From: Rob Fries [mailto:Rob.Fries at ascensus.com] 
Sent: Wednesday, February 25, 2015 12:27 PM
To: Smith, Cathy; 'gnupg-users at gnupg.org'
Subject: RE: 7. RE: how to disable pinentry (Smith, Cathy)

Hey Cathy,

You need gpg-agent running with this setup.

Per the error message, it can not connect to a running gpg-agent to enter the passphrase.

Your gpg-agent.conf also needs to be with your other gpg configs under .gnupg.

-Rob

-----Original Message-----
From: Smith, Cathy [mailto:Cathy.Smith at pnnl.gov] 
Sent: Wednesday, February 25, 2015 3:21 PM
To: Rob Fries; 'gnupg-users at gnupg.org'
Subject: RE: 7. RE: how to disable pinentry (Smith, Cathy)

Rob

Thanks.  I got an error when trying to do this.  I created the gpg-agent.conf file in my home directory and added the directive:

[cathy at foo ~]$ cat gpg-agent.conf 
allow-preset-passphrase
[cathy at foo ~]$ 


[cathy at foo ~]$ /usr/libexec/gpg-preset-passphrase -cP"cry123" "4611 E023 7B7A 31FE 1388  0FAC 491E FBE6 302B 7D2D"
gpg-preset-passphrase: can't connect to `/home/cathy/.gnupg/S.gpg-agent': No such file or directory
gpg-preset-passphrase: caching passphrase failed: Input/output error



Cathy
---
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:      509.375.2687
Fax:        509.375.2330
Email:      cathy.smith at pnnl.gov


-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Rob Fries
Sent: Wednesday, February 25, 2015 9:14 AM
To: 'gnupg-users at gnupg.org'
Subject: 7. RE: how to disable pinentry (Smith, Cathy)

Hi Cathy,

We use /usr/libexec/gpg-preset-passphrase to set our passphrase. 

 /usr/libexec/gpg-preset-passphrase  -cP "$passphrase" $keygrip

  You would need to add this to your .gpg-agent.conf:

allow-preset-passphrase

you will need to get the KEYGRIP. The easiest way I found is:

gpg2 --fingerprint --fingerprint --list-secret-keys | grep "fingerprint" | cut -d= -f2 | tr -d ' '

make sure you get the correct one for the correct key( note the above command shows double the number of keygrips for what you need.. ).
	
and you may want to adjust your max-cache-ttl gpg-agent.conf too.  If you want to forget a passphrase before the ttl is up, you can use gpg-preset-passphrase to forget it.

Rel6 does provide a pinentry-curses program:

/usr/bin/pinentry-curses


Hope that helps!

Message: 7
Date: Wed, 25 Feb 2015 16:51:23 +0000
From: "Smith, Cathy" <Cathy.Smith at pnnl.gov>
To: Damien Goutte-Gattat <dgouttegattat at incenp.org>,
	"gnupg-users at gnupg.org" <gnupg-users at gnupg.org>
Subject: RE: how to disable pinentry
Message-ID:
	<270838A78E5A5342BB9669898FB4CF2011CF30F6 at EX10MBOX01.pnnl.gov>
Content-Type: text/plain; charset="iso-8859-1"

Damien

Adding this line didn't work:
	pinentry-program /usr/bin/pinentry-tty

The message was invalid option
	gpg: /home/foo/.gunpg/gpg.conf:242:  invalid option

The CentOS6 and RHEL6 distributions don't  provide a /usr/bin/pinentry-tty.   

One of my goals of this is to be able to set a passphrase on a key in batch processing.  Perhaps, there is another way to accomplish that?


Thank you

Cathy
---
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:????? 509.375.2687
Fax:??? ????509.375.2330
Email:????? cathy.smith at pnnl.gov


CONFIDENTIALITY NOTICE: This message, including attachments, is intended to be viewed only by the addressee. It may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. No confidentiality or privilege is lost by any transmission error. This message may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose except as permitted by law. Any dissemination, distribution or copying of this message is strictly prohibited without our prior written permission. If you are not an intended recipient, or if you have received this message in error, please notify us immediately by return e-mail and permanently remove the original message and any copies from your computer and all back-up systems.

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

CONFIDENTIALITY NOTICE: This message, including attachments, is intended to be viewed only by the addressee. It may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. No confidentiality or privilege is lost by any transmission error. This message may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose except as permitted by law. Any dissemination, distribution or copying of this message is strictly prohibited without our prior written permission. If you are not an intended recipient, or if you have received this message in error, please notify us immediately by return e-mail and permanently remove the original message and any copies from your computer and all back-up systems.



More information about the Gnupg-users mailing list