GnuPGv2 & 'pinentry' on Linux w/ remote access

Sander Smeenk ssmeenk at freshdot.net
Mon Nov 6 22:49:26 CET 2017


Hi!

Some time ago in March i was asking about the way the pinentry works and
i have not yet been able to get this working properly.

I have this vim macro that automatically decrypts and encrypts files
named .gpg. I use this in a terminal through SSH on my server and it
basically pipes a buffer through 'gpg -qd' and 'gpg -ae'.

Recently upgraded that server, and now this does not work anymore.
GPG just exists stating 'No secret key' while running that exact
command on the shell pops up the pinentry thingy and works fine.

Another situation (still) is my PC at work. It has my X session running
mostly always. I access it through SSH too with the same user account
and like to work there, but i can't do anything with GPG on a remotely
connected shell to this machine: The pinentry will consistently pop up
on the X display on that machine instead of the controlling tty (my ssh)
requesting the decryption. 

I've had varying success with exporting GPG_TTY and updatestartuptty,
usually having to restart gpg-agent. To try and keep this workable i
ended up wrapping gpg in a script that sets GPG_TTY, kills all
gpg-agent, starts it, runs gpg...

Then when a tool is not using the wrapper this results in pinentry
plopping up on terminals where i did not expect them, but it is the
terminal i last used the wrapper in.

It's rather cumbersome and very dodgy at least. How do others deal with
this? Or is everyone using GPG solely in GUI environments nowadays? ;)

Any insights welcome!
Sorry for the ranty mail.
I'm a nice guy. Really.

Rgds,
Sndr.
-- 
| Rookworst zonder 'r' is ook worst!
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2



More information about the Gnupg-users mailing list