<div dir="ltr">I haven't tried it, but if I understand the problem correctly, it is actually gpg-agent that requires the TTY. So when you run gpg-agent and type in the password, you must keep that TTY open. Then your cron job must run *as the same user* as the one that ran gpg-agent, or else it will spawn a new gpg-agent.<div><br></div><div>Having said that, I think leaving a running gpg-agent with a very high TTL around is dubious security. Instead, I might think about using something like EncFS or eCryptfs to encrypt the data rather than anything GPG-based. GPG is good when you have to authenticate people as well as encrypt and decrypt. It makes plenty of assumptions about how it will be used which make it not particularly useful as a general-purpose encryption/decryption system, unfortunately.</div><div><br></div><div>I am actually hoping that now that Werner Koch has a regular and fairly secure income, we will see a restructuring of the code that will address other usage patterns, but that remains to be seen... </div></div><div class="gmail_extra"><br><div class="gmail_quote">On 25 April 2015 at 08:12, <span dir="ltr">&lt;<a href="mailto:notfreebeer@openmailbox.org" target="_blank">notfreebeer@openmailbox.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
I'm trying to set up a little home server to, among other things, download my<br>
mails via POP from various mail servers. I'm using mpop [0] for this, which<br>
can read user's POP passwords either in plain text from the configuration<br>
file (which I don't like), or using a nice eval command.<br>
My idea was to use pass as password manager, so I don't have to store<br>
passwords in plain text. I'd set gpg-agent ttl variables to a very high value<br>
to prevent expiration, feed the master password for the key encrypting the<br>
password-store once, manually at server startup, and then let everything<br>
happen in the background with mpop using eval on "pass show". The first<br>
problem I had to face was cron not using environment variable for the password<br>
store path, which I solved by explicitly specifying it in crontab, but this is<br>
more a general unix issue.<br>
The second problem, the one which pushed me to ask for help here, is that<br>
being used in background, gpg complains about not being able to write on tty.<br>
So I tried putting "--no-tty" in the PGP_OPTS variable inside pass, but fairly<br>
enough now mpop says it doesn't receive any output from the eval...<br>
<br>
Can anyone imagine a way to work around this issue? Did anyone ever use pass in<br>
a similar situation?<br>
<br>
Thanks.<br>
<br>
<br>
[0] <a href="http://mpop.sourceforge.net/" target="_blank">http://mpop.sourceforge.net/</a><br>
_______________________________________________<br>
Password-Store mailing list<br>
<a href="mailto:Password-Store@lists.zx2c4.com">Password-Store@lists.zx2c4.com</a><br>
<a href="http://lists.zx2c4.com/mailman/listinfo/password-store" target="_blank">http://lists.zx2c4.com/mailman/listinfo/password-store</a><br>
</blockquote></div><br></div>