... or it even fails completely - I have pinentry-curses installed and the second prompt does not appear at all, causing decryption to fail in any case (as the input is redirected, pinentry-curses probably fails to find the terminal).
Suggested fix: add '--pinentry-mode loopback' to mutt's invocations of gpg wherever '--passphrase-fd 0' is supplied. Proof of concept: grab an encrypted mail, gpg (v2) and run: (1) gpg --status-fd 2 --passphrase-fd 0 --no-verbose --quiet --batch --output - $TESTMAIL > /dev/null <<< "$PHRASE" (2) gpg --pinentry-mode loopback --status-fd 2 --passphrase-fd 0 --no-verbose --quiet --batch --output - $TESTMAIL > /dev/null <<< "$PHRASE" and observe that for (1), which matches the current settings in gpg.rc, the passphrase on FD 0 is ignored and pinentry is launched despite '--batch'. Command (2) works though. (If you have a gpg-agent with a valid passphrase running, kill/flush it beforehand.) Thanks, Jan PS: Note that the GnuPG transition has hit unstable in the meantime. -- Jan Nordholz <[email protected]> Security in Telecommunications <fgsect.de> TU Berlin / Telekom Innovation Laboratories Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany phone: +49 30 8353 58663
