
I'm attempting to use epa mode and org mode in emacs as laid out by this article.

I'm attached to the computer using a screen session and ssh. I therefore needed to change /usr/bin/pinentry to point to /usr/bin/pinentry-curses as /usr/bin/pinentry-gtk-2.

I have

pinentry-program /usr/bin/pinentry-curses 

as the last line in my .gnupg/gpg.conf. When I attempt to save the file I am presented with this menu:

Select recipients for encryption.
If no one is selected, symmetric encryption will be performed.
- `m' to mark a key on the line
- `u' to unmark a key on the line
[Cancel][OK]

I select 'ok' but only get

Opening output file: Encrypt failed, Exit

I get no prompt for my passphrase and no other output is given. It doesn't prompt for a passphrase. It doesn't even list my gpg 'user' as foo@bar.com.

However when that line isn't present in the .gnupg/gpg.conf file I do see my gpg 'user' in the 'Select recipients for encryption' dialog. However, the cpu is pegged with the message stating:

Encrypting /home/user/test.gpg...

(I'm assuming as it is trying to spawn the gtk window and running in circles)

I'm a little confused as to why I needed to link /usr/bin/pinentry to /usr/bin/pinentry-curses and have the line in my gpg.conf file.

Before when /usr/bin/pinentry was linked to /usr/bin/pinentry-gtk-2, if I was on the local machine I'd get the 'Select recipients encryption' prompt with my gpg user listed. I'd get a dialog to input my passphrase and it all worked. I'd get

Encrypting /home/user/test.gpg...

and it would all succeed.

I'm running GNU Emacs 24.2.1 on an Arch system that is up to date as of this morning.

I'm curious what I'm doing wrong. I've checked out the articles on pinentry and gpg on the arch wiki and they haven't helped to solve the problem. Thanks in advance.

UPDATE: 26-10-2012 An update this morning to package cryptsetup seems to have influenced behavior. I now get a "Please enter passphrase" prompt when I open a .gpg file but it never seems to get past that. The prompt never goes away after entering my passphrase.

Vadim Kotov
N Klosterman

2 Answers


If this prompt comes from pinentry-curses, you might try: 1. enter passphrase (maybe not followed by enter, please try), 2. press tab key, 3. press enter key twice.

The reason for this is that you cannot see the whole form presented by pinentry-curses. Maybe try pinentry-curses outside emacs (and enter command GETPIN) to understand the blind navigation suggested above. Similar problems exist if you use the Mew mail client (and gpg) inside emacs (in a terminal or tmux).

Does anyone know how to force the pinentry-curses dialog into one line suitable for emacs?

Sven

There are two main approaches, but their effectiveness may vary depending on the version of GPG used. This answer is for the current modern branch (i.e. 2.2.x), not whatever was current when the question was asked.

Option 1a. Edit ~/.gnupg/gpg-agent.conf to use ncurses:

pinentry-program /usr/bin/pinentry-curses

Option 1b. Edit ~/.gnupg/gpg-agent.conf to use the Emacs pinentry (if available):

pinentry-program /usr/bin/pinentry-emacs

Option 2. Use the local gpg-agent and GUI over the SSH connection as described here

Option 2 takes a bit more effort to set up, but not too much and the benefits are considerable. Especially if you don't want to leave a secret key on a remote server.

Ben
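
A check for the two config locations discussed in the question and in Option 1a, as an added example that is not part of the original answers: pinentry-program is a gpg-agent option, so the function flags it in gpg.conf, confirms that the path set in gpg-agent.conf is executable, and warns when a curses pinentry has no GPG_TTY to draw on. The function names and the sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit where pinentry-program is set in a GnuPG home directory.

# Print the pinentry-program value from config file $1 (empty if none).
# Commented-out lines are ignored; if the option repeats, the last line is shown.
pinentry_setting() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Report findings for GnuPG home $1 (default: $GNUPGHOME or ~/.gnupg).
# Returns 0 only when no problem was found.
audit_pinentry() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    rc=0
    misplaced=$(pinentry_setting "$home/gpg.conf")
    agent=$(pinentry_setting "$home/gpg-agent.conf")
    if [ -n "$misplaced" ]; then
        echo "MISPLACED: gpg.conf sets pinentry-program; move it to gpg-agent.conf"
        rc=1
    fi
    if [ -z "$agent" ]; then
        echo "UNSET: gpg-agent.conf has no pinentry-program line"
        rc=1
    elif [ ! -x "$agent" ]; then
        echo "MISSING: $agent is not an executable file"
        rc=1
    else
        echo "OK: gpg-agent.conf points at executable $agent"
        case ${agent##*/} in *curses*)
            # A curses pinentry needs to know which terminal to draw on.
            if [ -z "${GPG_TTY:-}" ]; then
                echo "NOTTY: GPG_TTY is unset; run: export GPG_TTY=\$(tty)"
                rc=1
            fi ;;
        esac
    fi
    return "$rc"
}

# Constructed sample mirroring the question: the option sits in gpg.conf only.
demo=$(mktemp -d)
printf 'pinentry-program /usr/bin/pinentry-curses \n' > "$demo/gpg.conf"
audit_pinentry "$demo" || true
rm -rf "$demo"
```

After moving the line, restart the agent with `gpgconf --kill gpg-agent` so the next gpg call starts it with the new setting.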