Workaround for missing pinentry support in gpg-preset-passphrase? (was: How to avoid Passphrase prompt)

Peter Lebbing peter at digitalbrains.com
Fri Feb 2 12:52:02 CET 2018


On 02/02/18 12:23, Peter Lebbing wrote:
> Do this every time after starting the server/starting gpg-agent, to unlock 
> the key:
> 
> gpg-preset-passphrase --preset 15CB764B81D542CF921978CA89910C69D53F4E2D
> 
> (Type in the password. Currently no pinentry support.)

It is a pity gpg-preset-passphrase currently has no pinentry support.

While doing the dishes, I thought: can't we work around that for a bit? 
:-)

I'd like to know what people think of this hack:

--8<---------------cut here---------------start------------->8---
gpg-connect-agent -q '/datafile -' 'get_passphrase --data workaround:pass + Enter+passphrase: +' 'clear_passphrase workaround:pass' /bye | /usr/lib/gnupg2/gpg-preset-passphrase --preset 15CB764B81D542CF921978CA89910C69D53F4E2D
--8<---------------cut here---------------end--------------->8---

As far as I can tell, the first part neatly echoes a pinentry-obtained 
passphrase on stdout. This is then passed to gpg-preset-passphrase.

A neat work-around? Or an ugly hack that leads to system compromise, 
uncontrolled nuclear fusion in the processor and a new world war?

(By the way, I didn't know how to pass an empty string, and all the 
prompts are not optional despite what "help" says. So I passed single 
spaces for the text.)

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180202/33fa9b0b/attachment.sig>


More information about the Gnupg-users mailing list