gpg-agent, pinentry and Emacs

[raf]

Ralph Seichter wrote:

> I asked about the following on the Notmuch mailing list first, and
> Daniel Kahn Gillmor offered some advice, but the issue is not yet
> resolved. I'm hoping for additional input from the GnuPG community.
> 
> I use Dovecot with a Maildir-based message store, allowing me to access
> my mail using various IMAP based clients. I also use Notmuch[1] with
> Emacs as a MUA, and for that, I login using SSH and a terminal, which of
> course means no graphics beyond Ncurses.
> 
>   [1] https://notmuchmail.org/
> 
> This works fine until I encounter signed or encrypted mail (GPG and/or
> S/MIME). Emacs attempts to prompt me for my password, or to ask me
> whether I trust signator XYZ, but crams that prompt into the last two
> lines of the Emacs window, so I cannot really see what is expected of
> me.
> 
> I use gpg-agent and have tried both pinentry-tty and pinentry-curses. I
> tried with and without 'allow-emacs-pinentry' in gpg-agent.conf. I tried
> 'epa-pinentry-mode' with values 'nil' and 'loopback'. All this did not
> resolve the issue.
> 
> Daniel suggested "running gpg-agent in a dedicated terminal window, and
> handling the gpg-agent prompts from that window". I tried to achieve
> that by setting GPG_TTY to a fixed value like /dev/pts/1, and running
> Emacs in /dev/pts/2. This works for a single time only. When prompting
> me the next time, parts of my input are echoed on the screen, and when I
> press return, the shell in pts/1 attempts to execute my pass phrase. It
> looks like pinentry died halfway, so my input ends up in the shell.
> 
> I you have suggestions about how to solve this, I'd be grateful.
> 
> -Ralph

Does "--pinentry-mode loopback" make any difference?
Is it any different to epa-pinentry-mode?

cheers,
raf