Reason for using gpg --batch?

adigitoleo (Leon) adigitoleo at posteo.net
Thu Jun 22 16:45:30 UTC 2023


Hello,

In password-store.sh, some option flags are unconditionally added to the
gpg invocation. These are --batch and --use-agent. While I understand
the use of the latter, I'm not so clear on what the reason is for using
--batch. The gpg man page suggests this is intended for programmatic
use of gpg, to avoid blocking or waiting for interactive input. However,
pass is a CLI program that quite happily asks for input in many
situations.

My reason for asking this is because I have recently discovered that gpg
can use a 'loopback' mode whereby it accepts the PGP key passphrase on
the stdin of the terminal where pass was invoked. This is convenient,
because I mainly use pass from interactive terminals, and therefore
don't usually want nor need the PGP agent to resort to using a special
GUI or ncurses interface just to ask me for the passphrase.

It seems to me that the simple answer would be to use `pinentry-mode
loopback` in .gnupg/gpg.conf, however the gpg --batch option is not
compatible with this setting. For now, I am manually patching the shell
script to remove that flag, and have not yet encountered any problems,
but would like to know if that has other implications.

Cheers,
Leon

