Emacs-pinentry is not working for me on emacs 28.0.50 and Ubuntu 20.04, and I wonder why. I follow these steps:

  1. In /home/user, do git clone https://github.com/ecraven/pinentry-emacs.git
  2. Following the answer here, I put this in ~/.gnupg/gpg-agent.conf:

       allow-emacs-pinentry
       allow-loopback-pinentry

  3. Tell gpg-agent to load this configuration with gpgconf in a shell: gpgconf --reload gpg-agent
  4. In Emacs' init.el I write:

       (use-package pinentry
         :config
         (setq epa-pinentry-mode 'loopback)
         (pinentry-start))

  5. Following advice here, I also include in my Emacs dotfiles:

       (defun pinentry-emacs (desc prompt ok error)
         (let ((str (read-passwd
                     (concat (replace-regexp-in-string
                              "%22" "\""
                              (replace-regexp-in-string "%0A" "\n" desc))
                             prompt ": "))))
           str))

The author of emacs-pinentry also says to set GPG_AGENT_INFO correctly inside Emacs, but I don't know what that means.

Maybe that's the missing bit for my setup to work. Though I think I remember that on one or two occasions I did successfully enter the password for decrypting some entry in .password-store with pass. But on those occasions I entered the password blindly, without any prompt or feedback in the minibuffer. I kinda tried my luck and it worked. However, my expectation was to have a prompt in the minibuffer and some indication that I am typing, such as a string of stars.

Daniel

1 Answer

In the channel #emacs of the Discord channel System Crafters, a very nice participant called Ashraz told me that:

  • pinentry-emacs isn't necessary anymore.
    • which explains why pinentry-emacs didn't get an update for ~4 years.
    • Reason: gpg-agent has allow-emacs-pinentry nowadays, which tells the default pinentry program to use Emacs as pinentry (if it is running and the pinentry service has been started via pinentry-start).
    • Also GPG_AGENT_INFO shouldn't be necessary in GPG 2.1 or higher.

So all you need to do is:

First, add the following lines in your gpg-agent.conf:

  allow-emacs-pinentry
  allow-loopback-pinentry

The second line allows Emacs to be used as pinentry even if Emacs originally asked for the decryption.

Second, you need to adjust epa to use the loopback interface instead and start the server:

(setq epa-pinentry-mode 'loopback)
(pinentry-start)

For more information, see info pinentry and Enabling minibuffer pinentry with Emacs 25 and GnuPG 2.1 on Ubuntu Xenial.

Another interesting read is: https://www.masteringemacs.org/article/keeping-secrets-in-emacs-gnupg-auth-sources

(Note that the process may be different for emacs version 26 and later; see https://emacs.stackexchange.com/a/68304)

Daniel
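
The gpg-agent.conf step from the answer above, written as an idempotent shell helper. This is an added example, not part of the original post or of pinentry-emacs; the function names has_option, ensure_option and configure_emacs_pinentry are hypothetical. It treats commented-out lines as inactive, so an option that is present but disabled is detected, and it reloads the agent only when the file actually changed.

```shell
#!/bin/sh
# Added example: enable the two gpg-agent options from the answer without
# duplicating lines, then reload the agent if anything changed.

# has_option FILE OPTION: succeed if OPTION is an active (uncommented) line.
has_option() {
    [ -f "$1" ] || return 1
    # Drop comments and surrounding whitespace, then match the whole line.
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -qxF -- "$2"
}

# ensure_option FILE OPTION: append OPTION if inactive; print "added"/"present".
ensure_option() {
    if has_option "$1" "$2"; then
        echo present
        return 0
    fi
    # If the file lacks a final newline, add one so the option gets its own line.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\n' "$2" >> "$1"
    echo added
}

# configure_emacs_pinentry [FILE]: prints 1 if the file was changed, else 0.
configure_emacs_pinentry() {
    conf=${1:-${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf}
    mkdir -p -m 700 "$(dirname "$conf")"
    changed=0
    for opt in allow-emacs-pinentry allow-loopback-pinentry; do
        if [ "$(ensure_option "$conf" "$opt")" = added ]; then
            changed=1
        fi
    done
    # gpg-agent must be told to re-read its configuration after an edit.
    if [ "$changed" -eq 1 ] && command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    fi
    echo "$changed"
}

# Run against the real configuration only when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    configure_emacs_pinentry
fi
```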