[Bug 1986895] Re: pinentry does not work with emacs editor

Andrew L. Moore 1986895 at bugs.launchpad.net
Sun Aug 21 02:40:49 UTC 2022 

Entering a GnuPG passphrase in the Emacs minibuffer evidently does work
with Ubuntu/Debian pinentry.  To enable this, add to ~/.gnupg/gpg.conf
the line:

pinentry-mode loopback

and add to ~/.gnupg/gpg-agent.conf the line:

allow-loopback-pinentry

That's it.  Restart gpg-agent, open a text file, then write it (C-x C-w)
to disk with a .gpg extension.  You'll be prompted in the Emacs
minibuffer to enter a passphrase for encryption.

The more complicated method described above uses the external Emacs package pinentry.el and does not modify ~/gnupg/gpg.conf.  The prompt that appears in the Emacs minibuffer is more informative, but otherwise the result is the same...
-AM

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pinentry in Ubuntu.
https://bugs.launchpad.net/bugs/1986895

Title:
  pinentry does not work with emacs editor

Status in pinentry package in Ubuntu:
  New

Bug description:
  Emacs supports entering GnuPG passwords in a mini-buffer. This is a
  common scenario when running Emacs on remote machine, e.g., to commit
  to a GIT repository.  Password entry is implemented by calling
  pinentry, which provides a secure protocol between GnuPG and Emacs.

  Unfortunately, the Debian 11/Ubuntu 22.04 implementation of pinentry
  does not work properly: A password can only be entered in a windowed
  environment using a (e.g., Gnome3) pop-up window - not in an Emacs
  mini-buffer. And if Emacs is run in tty mode, a password cannot be
  entered at all since pinentry-curses competes with Emacs for I/O.  In
  the pariticular case of Ubuntu 22.04, replacing the pinentry
  package(s) with those from Fedora 36 resolves the issue.

  Configuration:
  In Emacs, install the (Emacs) package `pinentry' along with the following lines in ~/.emacs (or other init file):

  (require 'pinentry)

  (setq epg-pinentry-mode 'loopback)
  (pinentry-start)

  Install GnuPG.  Create a password-protected secret key (e.g., `gpg
  --full-generate-key`). Add the following lines to ~/.gnupg/gpg-
  agent.conf:

  allow-loopback-pinentry
  allow-emacs-pinentry

  Add the GnuPG key id to GIT config:

  gpg_key_id=$(
      gpg --list-secret-keys --keyid-format long |
          awk '/^sec\s+ed25519/ { print gensub(/.*\//, "", 1, $2) }'
  )
  git config --global commit.gpgsign true
  git config --global user.signingkey $gpg_key_id

  
  Kill any existing gpg-agent (e.g., `pkill -U $USER -f gpg-agent` or `systemctl --user stop gpg-agent.service`).

  Now, edit a GIT repository with Emacs and commit the changes using,
  e.g., Emacs package `magit'.

  The attached image shows the expected password prompt in an Emacs
  mini-buffer.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: pinentry-gnome3 1.1.1-1build2 [modified: usr/bin/pinentry-gnome3]
  ProcVersionSignature: Ubuntu 5.15.0-46.49-generic 5.15.39
  Uname: Linux 5.15.0-46-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Aug 17 20:02:51 2022
  InstallationDate: Installed on 2021-08-01 (381 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
  SourcePackage: pinentry
  UpgradeStatus: Upgraded to jammy on 2022-04-29 (110 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/1986895/+subscriptions

More information about the foundations-bugs mailing list