Dear All,

I am looking for hints or best practices to seamlessly mix use of GnuPG in the terminal and with frontends, in my case Enigmail in Thunderbird.

I am on MacOS X (10.9.5 "Mavericks") with GnuPG installed through MacPorts as my main machine and also quite often logged into other Macs and other Linux boxes using SSH, coming from that main Mac.

Problem: I quite often use gpg through Enigmail and also regularly use it in the terminal or when remotely logged into a box using ssh. Currently, whenever Enigmail needs a passphrase, it throws up a popup window (actually, it runs gpg, which runs the agent, which runs pinentry-mac, which throws up the window) _somewhere_: sometimes on the screen I am looking at, sometimes on another physical screen, sometimes hidden behind other windows, sometimes in the front. When using gpg in the terminal, originally the same happened: some random window popping up at some random spot on some random monitor. Even worse, when logging in through SSH, it throws up a pin entry window on the locked graphical session idling on the remote machine instead of in the terminal I am working in.

Partial solution tried: I created a second gpg-agent.conf named "gpg-agent-term.conf" and configured the first to run pinentry-mac and the latter to run pinentry-curses. _Usually_ Enigmail/Thunderbird picks the first one and pops up its passphrase dialogue on one of my physical screens (I have no idea how it decides which one). If (and only if) I remember to explicitly start an agent with the second configuration, then gpg running in the terminal asks for my passphrase in that terminal. But *only* in that terminal. If I run gpg in another terminal, I either get the pinentry-mac (i.e. I forgot to set GPG_AGENT_INFO to the running "terminal-config" agent), or it asks me in that other terminal. On an average day, I have about 10 shells running in parallel, partly in terminal windows, partly in "screen" sessions in a single terminal window. Searching through all my shells where the passphrase dialogue appeared is annoying.
However, when I start an agent with the second configuration before starting Thunderbird, then Enigmail asks me for a passphrase in the terminal where I started that agent.

Questions: How can I configure gpg and the agent such that:

- Whenever I run gpg in a terminal, it will ask me for my passphrase in exactly that terminal where I am interacting with it and expect the prompt? I.e. on that TTY that is the controlling TTY of the gpg process I am interacting with?

- Is there a way to have a single agent (with a single config file, so I can start it at first login and have it available in all terminals/shells and programs (e.g. Thunderbird) started from there) but still a graphical passphrase in programs which (no longer) have StdIn connected to a terminal or don't have a controlling TTY; and have a plain prompt in the terminal for programs that run in a terminal?

I seriously doubt that there is any way to get back the just perfect behaviour of the old GnuPG 1.x where Enigmail would show a blocking dialogue attached to exactly that Thunderbird window where I was signing or decrypting a message. But I hope there is at least a way to get the terminal version to prompt for the passphrase in the one spot where it makes sense: the TTY it is running in.

Sorry for the long mail, and thanks for reading all this. I tried to be precise on what my problem is and failed to be concise at the same time.

Best regards
Björn

--
| Bjoern Kahl +++ Siegburg +++ Germany |
| "mls@-my-domain-" +++ www.bjoern-kahl.de |
| Languages: German, English, Ancient Latin (a bit :-)) |