Force textual pinpad

Peter Lebbing peter at digitalbrains.com
Thu Mar 24 12:24:32 CET 2016


Please don't pass the passphrase on the command line as Dashamir Hoxha
suggested.

On 24/03/16 12:01, Paolo Bolzoni wrote:
> To unset DISPLAY env var works really well, but I'd prefer something
> I can set up in the gpg options.

As long as you don't use gpg-agent as an SSH agent, you can use a
terminal-based pinentry as the entry method. For instance, install the
package of your OS that contains pinentry-curses and add this to
$GNUPGHOME/gpg-agent.conf:

pinentry-program /usr/bin/pinentry-curses

Alternatively, pinentry-tty is for the true minimalists. I wouldn't
recommend it, though.

You will need to kill off your running gpg-agent; this should start a
new one once you need it again. The precise behaviour depends on whether
you're using GnuPG 2.0 or 2.1. Note that my 2.1 agent even survives X
logouts :). So logout/login isn't even enough.

The X11 pinentries are indeed the summum of modal dialog, and this is
purposely done to at least somewhat protect against mistakes and rogue X
clients. You can make it less obnoxious :) by adding to your gpg-agent.conf:

no-grab

This latter solution I mean as a solution on its own, not in combination
with a different-than-the-default pinentry.

To be able to use a terminal-based pinentry with gpg-agent as an SSH
agent, more work needs to be done before it will work.

Oh, as a final point of interest, Debian uses the "alternatives"
mechanism for the pinentry, so it should be possible to change the used
pinentry through update-alternatives rather than gpg-agent.conf; then it
will be system-wide, though.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
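
Added example, not part of the message above: a shell function that puts the pinentry-program line the message describes into gpg-agent.conf without leaving duplicate entries, followed by the agent restart. The function names are made up for this example, and restart_agent assumes GnuPG 2.1, where gpgconf --kill is available.

```sh
# Added example; set_pinentry and restart_agent are hypothetical helper names.

# set_pinentry CONF PROGRAM
# Rewrite CONF so that it contains exactly one active pinentry-program line.
set_pinentry() {
    conf=$1
    prog=$2

    # Require an absolute path to an executable, so a typo does not leave
    # the agent pointing at a pinentry that cannot be started.
    case $prog in
        /*) ;;
        *) echo "pinentry path must be absolute: $prog" >&2; return 1 ;;
    esac
    [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }

    dir=$(dirname "$conf")
    mkdir -p "$dir" || return 1
    [ -e "$conf" ] || : > "$conf" || return 1

    # Build the new file beside the old one and rename it into place, so
    # the agent never reads a half-written configuration.
    tmp=$(mktemp "$dir/gpg-agent.conf.XXXXXX") || return 1
    # Drop earlier active pinentry-program lines; commented-out lines and
    # all other options are kept as they are.
    sed '/^[[:space:]]*pinentry-program[[:space:]]/d' "$conf" > "$tmp" &&
        printf 'pinentry-program %s\n' "$prog" >> "$tmp" &&
        mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }
}

# restart_agent: stop the running agent; a new one starts on next use.
# Assumes GnuPG 2.1 (gpgconf --kill).
restart_agent() {
    gpgconf --kill gpg-agent
}

# Usage, with the path from the message:
#   set_pinentry "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" /usr/bin/pinentry-curses &&
#       restart_agent
```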
