pinentry dialog

Peter Lebbing peter at
Wed Oct 26 18:12:21 CEST 2016

On 25/10/16 05:06, Amitesh Mishra wrote:
> 1.  Added the passphrase to the perl script in the following manner
> system ("type $PASSFILE | gpg --no-tty --batch --passphrase-fd 0 --output

You need to add "--pinentry-mode loopback" to the arguments.

Also, while this is all fine for testing and debugging, it doesn't appear to
make sense in production. What use is it to encrypt file A with a passphrase
that is in plaintext in file B? Better not to encrypt file A, your private key,
in the first place, since you gain nothing in protection in the general case.
Then you don't need passphrase entry anymore, the key will Just Work(TM).

> 2. preset passphrase as shown below :
> C:\Program Files (x86)\GnuPG\bin>gpg-connect-agent --homedir C:\Users\XXX\Ap
> pData\Roaming\gnupg "preset_passphrase B6938993903C4590B75FA651035A38377BE10CD8
> -1 53656324537465663123313233" /bye
> OK

preset_passphrase takes a *keygrip* not a *fingerprint*. You can find the
keygrip as follows:

$ gpg2 --with-keygrip -K 035A38377BE10CD8

For my test key, it's as follows:

sec   rsa2048/3E7F0306 2013-07-26 [SC] [expires: 2016-11-02]
      Keygrip = BDAB81746D3696C48746896F4EA1670D312148C7
uid         err Test extra UID
uid         err Test more extra UID
uid         err Testkey
ssb   rsa2048/459A39FE 2014-01-09 [E] [expires: 2016-11-02]
      Keygrip = 815F15F918ECF9922D4CF60D0ED5C03143746201

If I want to prime the passphrase for decryption, I would use the keygrip
815F15F918ECF9922D4CF60D0ED5C03143746201. For the passphrase for signing, I
would need the other keygrip instead.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list