gpg-agent, pinentry and Emacs

Ralph Seichter abbot at monksofcool.net
Tue Nov 12 18:32:39 CET 2019


I asked about the following on the Notmuch mailing list first, and
Daniel Kahn Gillmor offered some advice, but the issue is not yet
resolved. I'm hoping for additional input from the GnuPG community.

I use Dovecot with a Maildir-based message store, allowing me to access
my mail using various IMAP-based clients. I also use Notmuch[1] with
Emacs as a MUA, and for that, I log in using SSH and a terminal, which of
course means no graphics beyond Ncurses.

  [1] https://notmuchmail.org/

This works fine until I encounter signed or encrypted mail (GPG and/or
S/MIME). Emacs attempts to prompt me for my password, or to ask me
whether I trust signator XYZ, but crams that prompt into the last two
lines of the Emacs window, so I cannot really see what is expected of
me.

I use gpg-agent and have tried both pinentry-tty and pinentry-curses. I
tried with and without 'allow-emacs-pinentry' in gpg-agent.conf. I tried
'epa-pinentry-mode' with values 'nil' and 'loopback'. All this did not
resolve the issue.

Daniel suggested "running gpg-agent in a dedicated terminal window, and
handling the gpg-agent prompts from that window". I tried to achieve
that by setting GPG_TTY to a fixed value like /dev/pts/1, and running
Emacs in /dev/pts/2. This works for a single time only. When prompting
me the next time, parts of my input are echoed on the screen, and when I
press return, the shell in pts/1 attempts to execute my pass phrase. It
looks like pinentry died halfway, so my input ends up in the shell.

If you have suggestions about how to solve this, I'd be grateful.

-Ralph


