How do you use pinentry-curses with gpg-agent?

Xyne · 2012-03-28 17:15:25

I'm trying to configure gpg/ggp-agent to make it usable without a GUI environment. By default, gpg-agent (which the new gpg requires) uses the default pinentry command (/usr/bin/pinentry), which is just a link /usr/bin/pinentry-gtk-2.

I've tried

eval `gpg-agent --daemon --pinentry-program /usr/bin/pinentry-curses`

but it never prompts me for a password:

# info about my key...
gpg: cancelled by user
gpg: skipped "Xyne.": Operation cancelled
gpg: signing failed: Operation cancelled

I've tried with and without exporting GPG_TTY=$(tty).

Is there a bug in pinentry-curses or am I doing something wrong?

I previously used "gpg --passphrase-df 0" in a couple of scripts, but that no longer works either (double-fun here: the GUI prompt pops up, but the command still waits for input on stdin, which it then ignores).

Last edited by Xyne (2012-03-28 20:02:10)

skanky · 2012-03-28 19:57:35

Been a while since I've used it (at least prior to the recent updates), but gpg-agent gave me a curses pinentry application when I specified it in the config file.
The man page says it should work, so it could be a bug. Can't find any other examples though.

Have you tried knocking up a GUI in VB?

Xyne · 2012-03-28 20:08:12

Thanks for the reply.

I've tried setting it in the config too, but got the same result as the command-line option. (just double-checked)
I'm still working on the non-GUI GUI in VB.

I'm about to call it a bug and open a ticket.

skanky · 2012-03-28 20:20:37

Since I stopped using my server, I don't have any keys, or I'd try it again now. Sorry.

firecat53 · 2012-03-28 20:21:14

If it makes any difference, I've tested this both on my local desktop and remote server via SSH with the following ~/.gnupg/gpg-agent.conf:

 # Keyboard control
 no-grab
   
 # PIN entry program
 pinentry-program /usr/bin/pinentry-curses

Did not set GPG_TTY on the server. I didn't try calling the option from the command line, though.

Scott

Xyne · 2012-03-28 20:28:11

@firecat53
Did you mean that you got it working, or that it looks like a bug?

I've created a ticket for now: https://bugs.archlinux.org/task/29156

firecat53 · 2012-03-28 21:11:43

Heh, sorry...working Calls the pinetry-curses correctly when I did a 'gpg --detach-sign blahblah.xz'

Scott

Xyne · 2012-03-28 22:13:30

The problem is related to su. pinentry-curses works when gpg-agent is run as the login user, but not when su'ed into another account.

This is driving me crazy. Wtf did they completely disable support for the old-style CLI prompt? I'm sure they have their reasons, but relying on a chain of 2 applications instead of none just doesn't seem kiss, and displaying passphrase lengths also seems like a bad idea.

firecat53 · 2012-03-28 22:40:07

I agree...I can see the security reasons for using a special 'passphrase collecting' program, but when it surprises me (and you) with new behavior....like how the !@#$ do I copy and paste my 25 character passphrase into this dialog box that won't let me paste into it and grabs the keyboard away??? <gooogling> Oh, you mean I need a new config file with 'no-grab' in it?? <sigh> ah well. </rant>

Hope you get it working!

Edit: Maybe this thread might shed some more light. Solution...create AUR package for gnupg 1.4?

Scott

Last edited by firecat53 (2012-03-28 22:44:52)

Xyne · 2012-03-29 00:09:04

gpg-agent + pinentry-curses + su = bug
https://bugs.g10code.com/gnupg/issue1391

I've gone back to gpg1 for CLI-only usage:
https://aur.archlinux.org/packages.php?ID=58030

edit:
I also wrote a little gpg batch script that might be useful:
http://xyne.archlinux.ca/scripts/system … tch-script

Last edited by Xyne (2012-03-29 01:26:15)

pshr · 2012-03-29 13:37:01

Thank you Xyne for the gpg1 package, saved my day

leetcat · 2012-09-20 20:45:44

Just create a link between /usr/bin/pinentry and /usr/bin/pinentry-curses

Arch Linux

#1 2012-03-28 17:15:25

How do you use pinentry-curses with gpg-agent?

#2 2012-03-28 19:57:35

Re: How do you use pinentry-curses with gpg-agent?

#3 2012-03-28 20:08:12

Re: How do you use pinentry-curses with gpg-agent?

#4 2012-03-28 20:20:37

Re: How do you use pinentry-curses with gpg-agent?

#5 2012-03-28 20:21:14

Re: How do you use pinentry-curses with gpg-agent?

#6 2012-03-28 20:28:11

Re: How do you use pinentry-curses with gpg-agent?

#7 2012-03-28 21:11:43

Re: How do you use pinentry-curses with gpg-agent?

#8 2012-03-28 22:13:30

Re: How do you use pinentry-curses with gpg-agent?

#9 2012-03-28 22:40:07

Re: How do you use pinentry-curses with gpg-agent?

#10 2012-03-29 00:09:04

Re: How do you use pinentry-curses with gpg-agent?

#11 2012-03-29 13:37:01

Re: How do you use pinentry-curses with gpg-agent?

#12 2012-09-20 20:45:44

Re: How do you use pinentry-curses with gpg-agent?

Board footer