Re: Using gpg2 without pinentry?

2010-07-06 Thread Werner Koch
On Sat,  3 Jul 2010 05:33, do...@dougbarton.us said:

> What's needed for this case is a way to tell gpg2 to emulate gpg 1.x
> behavior and prompt for the password in line. I haven't looked at the
> internals in detail so I have no idea how difficult this would be. The

That is not easy but doable; see below.

Assuming that Alpine is a curses application you may use the curses
pinentry (If DISPLAY is not set, the standard pinentries fall back to
curses).  This might overwrite the Alpine screen, thus after the filter
has been run, you should restore the screen (ctrl-L).  If this is not
possible you may make use of the shell's suspend feature.

Using screen(1) and pinning the pinentry to one screen is another
option.

You may write a pinentry which loops back to Alpine or your script.  To
support this GnuPG provides the envvar PINENTRY_USER_DATA which you may
set to an arbitrary string and evaluate in your loopback-pinentry.  Your
pinentry would then use a fifo or another mechanism to ask the
originating process to enter a passphrase and return that one back to
your loopback-pinentry and in turn to gpg-agent.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
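
The loopback pinentry described in the message above, sketched as an added example; it is not code from the thread or from GnuPG. It assumes a hypothetical convention in which PINENTRY_USER_DATA names a private directory holding two fifos, `ask` and `answer`, created by the calling filter script, and it handles only a minimal subset of the Assuan commands gpg-agent sends.

```shell
#!/bin/sh
# Loopback pinentry sketch (added example, not GnuPG code). gpg-agent speaks
# the Assuan line protocol to a pinentry over stdin/stdout; only a minimal
# subset of commands is handled here.
# Assumption: PINENTRY_USER_DATA names a directory (mode 0700) holding two
# fifos, "ask" and "answer", created by the calling filter script.

# Percent-escape a value for an Assuan "D" line. Only '%' needs handling:
# CR/LF cannot occur because the passphrase is read as a single line.
assuan_escape() {
    printf '%s' "$1" | sed 's/%/%25/g'
}

# Ask the originating process for the passphrase through the fifo pair.
# $1 = rendezvous directory, $2 = description to display.
ask_origin() {
    [ -d "$1" ] || return 1
    printf '%s\n' "$2" > "$1/ask" || return 1
    IFS= read -r pin < "$1/answer" || return 1
    printf '%s' "$pin"
}

# Serve one pinentry session: commands on stdin, replies on stdout.
serve() {
    desc='Passphrase:'
    echo 'OK loopback pinentry ready'
    while IFS= read -r line; do
        case $line in
            SETDESC\ *) desc=${line#SETDESC }; echo OK ;;
            GETINFO\ pid) echo "D $$"; echo OK ;;
            GETPIN)
                if pin=$(ask_origin "${PINENTRY_USER_DATA:-}" "$desc"); then
                    printf 'D %s\nOK\n' "$(assuan_escape "$pin")"
                else
                    # GPG_ERR_CANCELED, error source "pinentry"
                    echo 'ERR 83886179 Operation cancelled <Pinentry>'
                fi ;;
            BYE) echo OK; return 0 ;;
            *) echo OK ;;  # OPTION, SETPROMPT, SETTITLE, ...: accept and ignore
        esac
    done
}

# Run only when gpg-agent passed a rendezvous point in the environment.
if [ -n "${PINENTRY_USER_DATA:-}" ]; then serve; fi
```

gpg-agent is pointed at such a script with the `pinentry-program` option; the calling script creates the fifos, exports PINENTRY_USER_DATA before starting gpg2, reads `ask`, prompts on its own terminal and writes the reply to `answer`. The description gpg-agent sends with SETDESC is itself percent-escaped, so the calling script should decode it before display.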


Re: Using gpg2 without pinentry?

2010-07-02 Thread Doug Barton
On 06/28/10 15:35, Nicholas Cole wrote:
> On Mon, Jun 28, 2010 at 8:35 PM, Doug Barton do...@dougbarton.us wrote:
>> On Mon, 28 Jun 2010, Nicholas Cole wrote:
>>
>>> On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
>>> d...@prime.gushi.org wrote:
>>>
>>>> Is there some reasonable way that gpg can detect that it has a
>>>> controlling terminal (or even, a config file option) and just ask
>>>> me for my passphrase on stdin?
>>>
>>> Can you start gpg-agent separately - i.e. before the passphrase is
>>> needed.  If so, you should be fine, I think, if I have understood your
>>> problem correctly.
>>
>> That's not the issue. To simplify the problem somewhat, I'm on a Windows
>> box. I ssh to my Unix system at home. My .bashrc sets up gpg-agent for me.
>> Now I want to sign something. The usual answer here is pinentry-curses to
>> the rescue. But let's assume that pinentry-curses is not an option. Now how
>> do I enter my passphrase?
>
> Do none of the gpg-agent options such as:
>
>    --xauthority string
>
>    --keep-tty
>
>    --keep-display
>
> help in this kind of case?

It's not clear to me how any of these options would help, but thank you
for suggesting them.

To describe the problem more precisely, I'm running a command line mail
program (Alpine). That program has a feature that allows you to send the
incoming or outgoing mail to what's called a filter which is really a
separate program that does something to what it's passed and then
returns the result to Alpine. The specific filters in question are shell
scripts that I've written to integrate PGP with Alpine, and the specific
scripts that sometimes need a passphrase are the signing and
en/decryption scripts. The filter feature allows the invoked program to
be interactive so with gnupg 1.x there is no problem getting the
passphrase. When I'm running Alpine within the same X environment as
gpg-agent, gpg2 dutifully spawns the qt pinentry dialog and once it gets
its response gpg2 chugs merrily along and all is well.

The problem occurs when using gpg2 in an environment where spawning a
separate pinentry dialog doesn't work. In the situation I'm describing:

User runs Alpine,
which spawns the internal filter subprocess,
which spawns my script,
which spawns gpg2,
which attempts to spawn pinentry

What's needed for this case is a way to tell gpg2 to emulate gpg 1.x
behavior and prompt for the password in line. I haven't looked at the
internals in detail so I have no idea how difficult this would be. The
way that I solve this problem right now is that I tell my users not to
use gnupg 2.x in this situation. However I'm not sure that's going to
scale.


Doug

-- 

... and that's just a little bit of history repeating.
-- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/




Re: Using gpg2 without pinentry?

2010-06-28 Thread Nicholas Cole
On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
d...@prime.gushi.org wrote:

> Is there some reasonable way that gpg can detect that it has a controlling
> terminal (or even, a config file option) and just ask me for my passphrase
> on stdin?

Can you start gpg-agent separately - i.e. before the passphrase is
needed.  If so, you should be fine, I think, if I have understood your
problem correctly.

http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html

Best wishes,

Nicholas



Re: Using gpg2 without pinentry?

2010-06-28 Thread Doug Barton

On Mon, 28 Jun 2010, Nicholas Cole wrote:

> On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
> d...@prime.gushi.org wrote:
>
>> Is there some reasonable way that gpg can detect that it has a controlling
>> terminal (or even, a config file option) and just ask me for my passphrase
>> on stdin?
>
> Can you start gpg-agent separately - i.e. before the passphrase is
> needed.  If so, you should be fine, I think, if I have understood your
> problem correctly.

That's not the issue. To simplify the problem somewhat, I'm on a Windows
box. I ssh to my Unix system at home. My .bashrc sets up gpg-agent for
me. Now I want to sign something. The usual answer here is
pinentry-curses to the rescue. But let's assume that pinentry-curses
is not an option. Now how do I enter my passphrase?



Doug

--

Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso




Re: Using gpg2 without pinentry?

2010-06-28 Thread Nicholas Cole
On Mon, Jun 28, 2010 at 8:35 PM, Doug Barton do...@dougbarton.us wrote:
> On Mon, 28 Jun 2010, Nicholas Cole wrote:
>
>> On Sun, Jun 27, 2010 at 8:55 PM, Dan Mahoney, System Admin
>> d...@prime.gushi.org wrote:
>>
>>> Is there some reasonable way that gpg can detect that it has a
>>> controlling terminal (or even, a config file option) and just ask
>>> me for my passphrase on stdin?
>>
>> Can you start gpg-agent separately - i.e. before the passphrase is
>> needed.  If so, you should be fine, I think, if I have understood your
>> problem correctly.
>
> That's not the issue. To simplify the problem somewhat, I'm on a Windows
> box. I ssh to my Unix system at home. My .bashrc sets up gpg-agent for me.
> Now I want to sign something. The usual answer here is pinentry-curses to
> the rescue. But let's assume that pinentry-curses is not an option. Now how
> do I enter my passphrase?


Do none of the gpg-agent options such as:


   --xauthority string

   --keep-tty

   --keep-display

help in this kind of case?

N.



Using gpg2 without pinentry?

2010-06-27 Thread Dan Mahoney, System Admin

Hey there,

I currently use gnupg 1 from within Alpine (running under screen), and it 
works okay, but I had a bear of a time using gpg2 because of the pinentry 
stuff.  Specifically, gpg was launched within a mail filter, and had no 
idea how to spawn a third program (the pinentry window) in a correct way.
I've tried kludging it so it launches in a different screen by tweaking 
various environment variables, but this seems the wrong way to go about 
it.  As does running with X-forwarding just to launch a tiny pinentry app 
(I can't guarantee I'll have an xserv everywhere I sit.)


Is there some reasonable way that gpg can detect that it has a controlling 
terminal (or even, a config file option) and just ask me for my
passphrase on stdin?


I am my sysadmin.  I trust me :)

-Dan

--

Let me tell you something about regrowing your dead wife Lucy, Harry.
It's probably illegal, potentially dangerous, and definitely crazy.

-Harry nods-

Vincent Spano, as Boris in Creator.


Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---

