Page MenuHome GnuPG
Create Task
Maniphest T3217

pinentry-curses and emacs don't play well together
Closed, InvalidPublic
Actions

Description

Consider a user account on a system that has no graphical environment, where emacs and pinentry-curses are installed.

the user explicitly sets GPG_TTY=$(tty)

from emacs, trigger a command that uses a gpg secret key that has a password. The display is unusable, it's difficult to tell what's being shown, and it's not clear whether keystrokes are going into the pinentry, captured by emacs, or what.

this is with pinentry-curses 1.0.0-2 and gpg and gpg-agent 2.1.21-3 on debian, though it sounds like folks are having similar problems on other platforms.

what's the recommended approach for this configuration?

Event Timeline

dkg created this task.Jun 21 2017, 10:36 PM
dkg added a comment.Jun 21 2017, 10:42 PM

In many cases, it's possible to make two connections (e.g. via ssh) to such a server, and in one of those connections explicitly do:

gpg-connect-agent updatestartuptty /bye

and never set GPG_TTY. In that case, the one terminal becomes dedicated to being the gpg-agent prompting channel, and then the terminal that is using emacs doesn't see any prompting at all.

So i think this is a functional workaround for many similar situations, but it's not a particularly satisfying fix.

werner added subscribers: ueno, werner.Jun 22 2017, 3:11 PM

I used this workaround for the years I accessed my mail over ssh and emacsclient.

Maybe @ueno can help with your original issue. He implemented the Emacs pinentry support.

ueno added a comment.Jun 22 2017, 3:35 PM

It's not possible, unless you convince the Emacs developers to add special support for it. See http://lists.gnu.org/archive/html/emacs-devel/2012-12/msg00798.html.

Personally, I'm done with Emacs vs pinentry.

justus triaged this task as Low priority.Jun 26 2017, 3:14 PM
marcus closed this task as Invalid.Jul 12 2017, 9:43 PM
marcus added a subscriber: marcus.

pinentry-curses on the same terminal as the application was never intended to be automagical - from the start it was clear that during any operation that may trigger a pinentry dialog, the application would have to stop reading from the terminal, and it would have to redraw the screen when gnupg finishes. That's just a limitation of the terminal that can not be overcome (there is no focus grab, no save/restore of the terminal state, etc). This needs to be raised with the emacs developers.

bam_80 added a subscriber: bam_80.Jan 13 2018, 8:37 PM
rotacirbahbgpung added a subscriber: rotacirbahbgpung.Aug 18 2020, 10:47 AM