Ssh – Can emacs use gpg-agent in a terminal at all

emacsgpgsshterminal

I understand that there are problems with getting pinentry-curses to work with emacs (see some of the comments on http://emacswiki.org/emacs/EasyPG), and so using emacs in a terminal isn't compatible with gpg-agent because of this.

I can't use a graphical pinentry tool in this case as this is over an ssh connection to a remote machine.

However, is it possible to feed the gpg-agent the passphrase beforehand and then have emacs use this, but not to prompt for a passphrase if the agent doesn't already have this info?

What settings would allow this to work with notmuch.el and EasyPG?

Or, are there alternative methods of caching the passphrase which would achieve the same effect, but may have security problems (which is the reason gpg-agent exists in the first place)?

Best Answer

THIS! -> https://github.com/ecraven/pinentry-emacs

You'll have to do some wrenching, but using this thing worked for me. Put the script there into a directory in your PATH and then add the following entry to ~/.gnupg/gpg-agent.conf:

pinentry-program <path-to-pinentry-emacs>/pinentry-emacs

Then reload the agent:

$ echo RELOADAGENT | gpg-connect-agent

Works like a dream for me :)

Related Solutions

SSH, tmux & GnuPG Agent – Best Practices

Turns out this one was incredibly simple. Instead of using that script, I simply removed the "--agents" option from my old keychain launch script (guide here).

This causes the Keychain program to seek out both ssh-agent AND gpg-agent files. Now my encryption system does work quite seamlessly, even while relying on both types of agents.

GPG – How to Configure to Enter Passphrase Only Once Per Session

You can use the technique described on this page:

http://fvue.nl/wiki/Debian_4.0:_Installing_gpg-agent

Here's the gist:

Install gpg-agent and pinentry program:

sudo apt-get install gnupg-agent pinentry-curses

Add the lines below to ~/.profile. Any POSIX-confirming shell should include this file.

# Invoke GnuPG-Agent the first time we login.
# Does `~/.gpg-agent-info' exist and points to gpg-agent process accepting signals?
if test -f $HOME/.gpg-agent-info && \
    kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null; then
    GPG_AGENT_INFO=`cat $HOME/.gpg-agent-info | cut -c 16-`
else
    # No, gpg-agent not available; start gpg-agent
    eval `gpg-agent --daemon --no-grab --write-env-file $HOME/.gpg-agent-info`
fi
export GPG_TTY=`tty`
export GPG_AGENT_INFO

This little script will be activated when you login. If the agent is not running, it will be started. When the agent is started, it shows how to set environment variables in order to connect to it. The script saves these values in ~/.gpg-agent-info, so that when you start another login session the script can setup the variables correctly and thus use the agent.

You will only have to enter your passphrase once per boot. The agent will store your keys in memory, so you don't have to enter the passphrase again.

Best Answer

Related Solutions

SSH, tmux & GnuPG Agent – Best Practices

GPG – How to Configure to Enter Passphrase Only Once Per Session

Related Question