How to do pinentry in same screen as gpg

Fri, 03 Jan 2014 02:15:29 -0800 

All,
I have a script that I use to send mail (as part of pine/alpine) that needs to prompt for my key passphrase. 

I run alpine on a private unix server, within a screen session.


It basically works perfectly with gpg1, where I can get an inline prompt 
for a password, but gpg2 falls short where it tries to set up some kind of 
a unix-socket connection to a pinentry dialog, and this all falls apart 
within the simple exec() alpine is doing to launch the filter.  GPG hangs 
up and I wind up needing to kill the whole window.


Here's where I've gotten on a possible solution:


I could possibly have every window within my screen session have my 
.cshrc check for a running gpg-agent, and start one if it's not (this 
seems wasteful considering how infrequently I sign).



Along these lines, I'd probably have to have every single screen process 
update the running TTY, so that my most recently-opened screen would 
contain the dialog.  It seems that the pinentry command is invoked behind 
the scenes by the agent, and then directly writes to and reads/from the 
tty specified (so it could in theory interfere with whatever else I'm 
running on that screen), for example, if I were doing something while su'd 
to root.


-or-


It would also be nice if pinentry could cause the spawning of a new screen 
window via "screen -X", but as I have a password-protected screen, this 
isn't possible either.


-or-


It might also be nice if I could basically start a pinentry program in a 
dedicated window, and simply choose to use it when needed (similar in 
analog to how I might use a hardware pinpad, or a fingerprint reader).  I 
don't know if this is possible.  I could also start up some "dummy" 
program in a screen where the agent will spawn.


I think that last one is the plan of attack I'll likely pursue.


However, it would be really, really nice if, instead of 
gpg--agent--assuan--pinentry, GPG could just fall back to prompting for a 
password on the same tty where GPG is running.



It would also be nice if GPG had some method of simply saying "hey, I 
can't find a place to spawn this pinentry, and could exit cleanly."


Thoughts are welcome.

-Dan

--

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users






















					Reply via email to