(pre)cache password rather than use allow-loopback-pinentry

Werner Koch wk at gnupg.org
Fri Jul 21 08:46:50 CEST 2017

On Thu, 20 Jul 2017 20:04, dirkx at webweaving.org said:

> cat batch.commands | gpg2 --no-tty --batch --passphrase-XX XX --command-fd 0 --pinentry-mode loopback  …

This is not going to work.  --command-fd must always be used in
conjunction with --status-fd so that a GET_foo status line output
triggers input to the command fd descriptor.

> And then let the batch.commands (which does a complex dance of subkey renewal and some chip card shuffling) run against that ?

Please check whether some of the new --quick-foo commands can be helpful.

> Or to somehow use a pure TTY based pinentry in such a setting (it is an off line machine with barely more than a serial connection).

GnuPG has examples on how to write simple pinentries
(/tests/fake-pinentries/).  Based on such an example and with the envvar
PINENTRY_USER_DATA you can provide passphrases or PINs to gpg-agent.



Thoughts are free.  Exceptions are regulated by a federal law.
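
A minimal non-interactive pinentry of the kind the reply above describes, as an added example that is not part of the original message and is not GnuPG's own test code. It assumes PINENTRY_USER_DATA carries the passphrase itself; `serve` and `escape_data` are names invented here.

```python
#!/usr/bin/env python3
"""Minimal non-interactive pinentry (added example, not GnuPG's own code).

Assumption: PINENTRY_USER_DATA holds the passphrase itself.
"""
import os
import sys


def escape_data(value):
    """Percent-escape the characters that may not appear raw in an Assuan D line."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def serve(inp, out, user_data):
    """Answer pinentry commands from inp; return the number of GETPIN requests served."""
    served = 0

    def send(line):
        out.write(line + "\n")
        out.flush()  # gpg-agent waits for each reply before sending the next command

    send("OK Pleased to meet you")
    for raw in inp:
        command = raw.strip().split(" ", 1)[0].upper()
        if not command or command.startswith("#"):
            continue  # blank and comment lines get no reply
        if command == "GETPIN":
            if user_data is None:
                # No secret supplied: cancel rather than return an empty passphrase.
                send("ERR 83886179 Operation cancelled <Pinentry>")
            else:
                send("D " + escape_data(user_data))
                send("OK")
                served += 1
        elif command == "BYE":
            send("OK closing connection")
            break
        else:
            # SETDESC, SETPROMPT, OPTION, ... configure a dialog this script never shows.
            # Note: replying OK to CONFIRM approves that prompt without a human.
            send("OK")
    return served


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout, os.environ.get("PINENTRY_USER_DATA"))
```

To use it, make the script executable and name it as `pinentry-program` in gpg-agent.conf. Other processes of the same user can read the environment of the calling gpg process, so set the variable only for the single invocation that needs it.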