User Details
- User Since
- Mar 27 2017, 4:48 PM (401 w, 1 d)
Jun 5 2015
What would be the suggested method of using gpg programmatically?
I'm maintaining a service that uses gpg as a streaming encryption/decryption
backend and we need to provide the passphrase for the keys somehow in a
convenient manner.
Priming the agent is not optimal either because it would force me to restart the
agent every time I add new keys.
Maybe give me the possibility to provide new passphrases to the agent via the
agent socket?
May 7 2015
It seems that the gpg-agent needs to be started with --allow-loopback-pinentry
for this to work.
Because I let gpg autostart the daemon for me, this does not get passed to
gpg-agent and therefore does not work when setting --pinentry-mode=loopback in gpg.
I don't know what to do here.
Should gpg with --pinentry-mode=loopback autostart the gpg-agent with
--allow-loopback-pinentry?
Or should I just add some documentation to the manpages to describe what is
necessary for --pinentry-mode=loopback and --passphrase-file to work?
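The setup this comment describes, as an added example that is not part of the original comment or of GnuPG itself: it puts allow-loopback-pinentry into the gpg-agent.conf of one home directory so that an autostarted agent picks it up, then decrypts with the flags quoted on this page. The function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# Add allow-loopback-pinentry to <homedir>/gpg-agent.conf exactly once.
enable_loopback() {
    homedir=$1
    conf="$homedir/gpg-agent.conf"
    mkdir -p "$homedir" && chmod 700 "$homedir" || return 1
    [ -f "$conf" ] || : > "$conf"
    if grep -qx 'allow-loopback-pinentry' "$conf"; then
        return 0                      # already enabled, leave the file alone
    fi
    # Do not glue the option onto an unterminated last line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf '%s\n' 'allow-loopback-pinentry' >> "$conf"
    # An agent that is already running keeps its old settings, so stop it;
    # gpg autostarts a fresh one that reads the updated file.
    if command -v gpgconf >/dev/null 2>&1; then
        GNUPGHOME="$homedir" gpgconf --kill gpg-agent 2>/dev/null || true
    fi
}

# Decrypt <infile> to stdout without a pinentry prompt.
# Returns 2 when the passphrase file is missing or open to group/other.
decrypt_with_passfile() {
    homedir=$1
    passfile=$2
    infile=$3
    mode=$(ls -ld "$passfile" 2>/dev/null) || mode=
    case $mode in
        -???------*) ;;               # regular file, owner-only permissions
        *) echo "refusing passphrase file: $passfile" >&2
           return 2 ;;
    esac
    gpg --homedir "$homedir" --batch --pinentry-mode=loopback \
        --passphrase-file "$passfile" --decrypt "$infile"
}

# Usage (hypothetical paths):
#   enable_loopback /srv/cryptsvc/gnupg
#   decrypt_with_passfile /srv/cryptsvc/gnupg /srv/cryptsvc/pass myfile.gpg
```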
May 2 2015
When I try the following under gnupg 2.1.3 with Arch Linux:
$ gpg --homedir <gpg-dir> --batch --pinentry-mode=loopback --passphrase-file <passfile> --decrypt myfile.gpg
I get the following error:
gpg: setting pinentry mode 'loopback' failed: Not supported
...
gpg: decryption failed: No secret key
Is the gnupg version of Arch just missing some compile-time flag to support
--passphrase-file without manual pinentry? If this is the case, I could report
this back to the Arch maintainer to get it fixed downstream.
Or is there still some work to be done on gnupg?