(pre)cache password rather than use allow-loopback-pinentry
Werner Koch
wk at gnupg.org
Fri Jul 21 08:46:50 CEST 2017
On Thu, 20 Jul 2017 20:04, dirkx at webweaving.org said:
> cat batch.commands | gpg2 --no-tty —batch —passphrase-XX XX --command-fd 0 --pinentry-mode loopback …
This is not going to work. --command-fd must always be used in
conjunction with --status-fd so that a GET_foo status line output
triggers input to the command fd descriptor.
> And then let the batch.commands (which does a complex dance of subkey renewal and some chip card shuffling) run against that ?
Please check wether some of the new --quick-foo commands can be helpful.
> Or to somehow use a pure TTY based pinentry in such a setting (it is an off line machine with barely more than a serial connection).
GnuPG has examples on how to write simple pinentries
(/tests/fake-pinentries/). Based on such an example and with the envvar
PINENTRY_USER_DATA you can provide passphrases or PINs to gpg-agent.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170721/ad75ca5a/attachment.sig>
More information about the Gnupg-users
mailing list