GnuPGv2 & 'pinentry' on Linux w/ remote access
ssmeenk at freshdot.net
Wed Mar 22 15:46:32 CET 2017
I'm trying to make the big step from GnuPG v1 to v2 but I'm experiencing
agonizing pains caused by the forced use of "pinentry" by gpg-agent and
friends, or rather the way the GPG_TTY stuff works?
I'm on Linux and I am not using Unity/Gnome/whatever, so I start X by
calling 'startx' and it invokes my .xsession that has ...
| export GPG_TTY
| eval $(gpg-agent --daemon)
... where ssh-agent used to be, just before starting the window manager.
Then I have this gpg-agent.conf:
| pinentry-program /usr/bin/pinentry-curses
| default-cache-ttl 300
| max-cache-ttl 999999
With this config, trying to decrypt a GPG-file, everything stalls
and undescriptive errors appear after staring at a blinking cursor
for quite some time.
So I learned that I could update GPG_TTY from my shellrc by doing...
| export GPG_TTY
| gpg-connect-agent updatestartuptty /bye >/dev/null
... every time a new shell spawns. This kind-of works.
At least the pinentry pops up in a terminal.
For GPG-related commands, the pinentry seems to pop up at the terminal
that is running a GPG-related command, but trying to use ssh randomly
pops the pinentry in a terminal unrelated to where I am running ssh.
Probably the terminal that was started last?
Then, when I ^C the ssh command that is seemingly hanging because
a pinentry popped up on some other workspace's terminal, the pinentry
program on the unrelated terminal completely messes up said terminal.
Sometimes resulting in *'s being displayed while typing, or letters
disappearing from the input altogether. In such situations it turns out
pinentry-curses was still running, even though my shell was also
I can't fathom what I am doing wrong but I must be doing something wrong.
And I haven't even started looking at "how can u use a gpg-agent that
is already running on a box that I am logging in remotely" yet, sort of
what 'keychain' can do with ssh-agent.
| How can there be self-help "groups"?
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
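
An added example, not part of the original post: a shell-startup fragment that moves the `updatestartuptty` call from shell start to the moment just before each ssh invocation, because the ssh-agent protocol gives gpg-agent no way to learn which terminal the request came from. The function name `gpg_tty_refresh` and the `ssh` wrapper are assumptions of this example.

```shell
# Added example for a shell rc file; the function names are hypothetical.

# Point gpg-agent at the terminal this shell is running on.
# Returns 1 when there is no terminal (cron, .xsession, scp), so
# GPG_TTY is never overwritten with tty's "not a tty" message.
gpg_tty_refresh() {
    _tty=$(tty 2>/dev/null) || return 1
    GPG_TTY=$_tty
    export GPG_TTY
    # gpg-agent's ssh support prompts on its "startup tty"; move it here.
    gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
}

# Wrapper: refresh right before ssh runs, so the pinentry appears on the
# terminal that typed the command, not on whichever shell started last.
ssh() {
    gpg_tty_refresh || true   # still run ssh if there is no tty or agent
    command ssh "$@"
}
```

Plain `gpg` commands pass `GPG_TTY` to the agent themselves, so only the ssh path needs the wrapper.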