A one-liner GPG passphrase prompt?

adigitoleo (Leon) adigitoleo at posteo.net
Tue Mar 5 13:50:41 UTC 2024


It is possible, although not elegant, to achieve what you want.

There are two related issues here. First, it is possible for GPG to use
what is called 'loopback' mode, in which it will accept the passphrase
on the stdin of the parent terminal. You may need this in
`~/.gnupg/gpg-agent.conf`:

    allow-loopback-pinentry

And then `gpg --pinentry-mode loopback ...` should work as you expect.
To make it the default, add this to `~/.gnupg/gpg.conf`:

    pinentry-mode loopback

Although this may break other usage, presumably if gpg is invoked from
within a GUI or some such and the 'controlling terminal' can't accept
input anymore.

Second, the `password-store.sh` implementation (version 1.7.4) always
adds the flag `--batch` to the gpg command. I have found that this is
incompatible with loopback pinentry mode. Therefore, I had patched the
shell script to remove that flag. Upstream seems to have been modified
in this regard; perhaps it will work from HEAD without patching. I had
previously questioned the unconditional use of `--batch` [1], but as I
got no reply I can't vouch for how safe it is to do this.

[1]: https://www.mail-archive.com/password-store@lists.zx2c4.com/msg04511.html
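
One way to check the three settings this message discusses before relying on a terminal passphrase prompt, as an added example that is not part of the original post or of password-store. The helper names `conf_lines` and `loopback_report` are hypothetical, and the sample files are constructed, with a stand-in wrapper script instead of the real `password-store.sh`.

```shell
#!/bin/sh
# Added example (not from the original post): report the three settings
# the message discusses for one GnuPG home and one wrapper script.

# Print the active lines of a GnuPG option file: drop comment and blank
# lines, leading blanks, and the optional leading "--" on option names.
conf_lines() {
    [ -f "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/^--//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# loopback_report GNUPG_HOME SCRIPT  (hypothetical helper name)
loopback_report() {
    agent=no; mode=unset; batch=no
    if conf_lines "$1/gpg-agent.conf" | grep -qx 'allow-loopback-pinentry'; then
        agent=yes
    fi
    # If pinentry-mode is given more than once, report the last value.
    m=$(conf_lines "$1/gpg.conf" |
        awk '$1 == "pinentry-mode" { v = $2 } END { print v }')
    if [ -n "$m" ]; then mode=$m; fi
    # A commented-out --batch does not count.
    if [ -f "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -q -- '--batch'; then
        batch=yes
    fi
    echo "allow-loopback-pinentry=$agent pinentry-mode=$mode script-batch=$batch"
}

# Constructed sample files so the example runs offline.
demo() {
    d=$(mktemp -d)
    printf '# agent settings\nallow-loopback-pinentry\n' > "$d/gpg-agent.conf"
    printf 'pinentry-mode loopback\n' > "$d/gpg.conf"
    # Stand-in for a wrapper script; not the real password-store.sh.
    printf '#!/bin/sh\ngpg --quiet --batch -d "$1"\n' > "$d/wrapper.sh"
    loopback_report "$d" "$d/wrapper.sh"
    rm -rf "$d"
}
demo
```

A report of `script-batch=yes` together with `pinentry-mode=loopback` is the combination the message describes as not working; `pinentry-mode=unset` means the mode has to be passed on the command line instead.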

