DanFreed / passprompt

Since sudolikeaboss is temporarily broken, I've created a script that uses pass to nearly duplicate the functionality

GPGTools password prompt doesn't show up #1

Open unicell opened 6 years ago

unicell commented 6 years ago

Thanks for creating this handy tool! I followed all the steps from the steps, and it works great!

Only one problem though: when the iTerm2 hotkey is pressed and the passprompt script is triggered, the GPGTools GUI (PINENTRY) doesn't show up to unlock the keychain. If I do pass show <passname> from the command line, the ncurses-based password prompt shows up properly.

Initially, when I first installed GPGTools, a GUI dialog popped up when the iTerm hotkey was pressed. And now it's gone. I also tried Delete and removing the "Store in macOS Keychain" checkbox from the GPG Suite system settings; it didn't help.

Any quick hint on the issue? Thanks!!

DanFreed commented 6 years ago

It should never prompt you when you have the "Store in macOS keychain" check marked.
Try running the gpg command manually:

/usr/local/bin/gpg -d ~/.password-store/xxx.pgp

That may give you some idea as to what is happening. You can try to click the delete button in the GPG Suite pref pane. That will clear any caching that is taking place.

Also, remember that it will cache the password for the configured number of seconds (in the pref pane).

unicell commented 6 years ago

Thanks for the reply! Actually I followed the steps in this KB[1] to delete the stored password from the macOS keychain. But that still doesn't bring the GUI password prompt back, which confuses me, hence the ask.

Because when I press the hotkey in iTerm2 to run passprompt, if the keychain is locked, it won't give me a chance to enter the password to unlock the keychain. If I simply run commands like "pass show " or "/usr/local/bin/gpg -d ~/.password-store/xxx.pgp" as you suggested, it does pop up an ncurses-based dialog window for me to enter the password and unlock the keychain.

[1] https://gpgtools.tenderapp.com/kb/faq/password-management

DanFreed commented 6 years ago

It sounds like the pin entry program is set incorrectly.

Run gpgconf to dump your configuration.

You are looking for something like this:

pinentry:Passphrase Entry:/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

If that is wrong, you can use gpgconf to fix it.

On Jan 9, 2018, at 12:55 PM, Qiu Yu notifications@github.com wrote:

Thanks for the reply! Actually I followed the steps in this KB[1] to delete the stored password from the macOS keychain. But that still doesn't bring the GUI password prompt back, which confuses me, hence the ask.

Because when I press the hotkey in iTerm2 to run passprompt, if the keychain is locked, it won't give me a chance to enter the password to unlock the keychain. If I simply run commands like "pass show " or "/usr/local/bin/gpg -d ~/.password-store/xxx.pgp" as you suggested, it does pop up an ncurses-based dialog window for me to enter the password and unlock the keychain.

[1] https://gpgtools.tenderapp.com/kb/faq/password-management

unicell commented 6 years ago

Some more updates for my findings:

Unfortunately, I don't know much about Perl, or how iTerm handles ncurses for a co-process, as to why uncommenting line 78 makes a difference.

unicell commented 6 years ago

Also, couldn't figure out how to change the "pinentry:Passphrase Entry" setting in gpgconf directly.

Tried brew install pinentry-mac, then added the following line in ~/.gnupg/gpg-agent.conf:

pinentry-program /usr/local/bin/pinentry-mac

And it doesn't make a difference.

unicell commented 6 years ago

Finally fixed my problem by adding use-agent to ~/.gnupg/gpg.conf

This way it gives me a consistent GUI prompt even after system reboot. The passprompt + ncurses pinentry issue I still couldn't figure out, though.

DanFreed commented 6 years ago

Great! Is there anything I can add to the instructions to avoid this for others?

On Jan 9, 2018, at 3:17 PM, Qiu Yu notifications@github.com wrote:

Finally fixed my problem by adding use-agent to ~/.gnupg/gpg.conf

unicell commented 6 years ago

Yeah, I think there's one thing you can add to the setup steps. If one needs to use the GUI-based pinentry passphrase prompt, one needs to add a use-agent line to ~/.gnupg/gpg.conf
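
The checks discussed in this thread (which pinentry program gpgconf reports, any pinentry-program override in gpg-agent.conf, and the use-agent line in gpg.conf) can be run together. The script below is an added example, not part of the thread or of passprompt; the function names and the sample input are constructed for illustration, and the expected pinentry path is the one quoted above.

```sh
#!/bin/sh
# Added example: checks the GnuPG settings discussed in this thread.

# Print the program path of the "pinentry" component from gpgconf's
# colon-delimited listing (name:description:path), read on stdin.
pinentry_from_gpgconf() {
    awk -F: '$1 == "pinentry" { print $3; found = 1; exit }
             END { exit !found }'
}

# Print the value of an uncommented OPTION in a GnuPG config FILE (the last
# one if repeated); fail if the file is unreadable or the option is absent.
conf_value() {
    [ -r "$1" ] || return 1
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        $1 == opt  { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1 }
        END        { if (found) print val; exit !found }' "$1"
}

# Usage: gpgconf listing on stdin; args: GnuPG dir, expected pinentry path.
# Returns 0 if everything matches, 1 on a warning, 2 if no pinentry line.
check_pinentry_setup() {
    dir=$1; expected=$2; status=0
    active=$(pinentry_from_gpgconf) || { echo "FAIL no pinentry component"; return 2; }
    if [ "$active" = "$expected" ]; then
        echo "OK   pinentry is $active"
    else
        echo "WARN pinentry is $active (expected $expected)"; status=1
    fi
    if override=$(conf_value "$dir/gpg-agent.conf" pinentry-program); then
        echo "INFO gpg-agent.conf sets pinentry-program $override"
    fi
    if conf_value "$dir/gpg.conf" use-agent >/dev/null; then
        echo "OK   gpg.conf has use-agent"
    else
        echo "WARN gpg.conf has no use-agent line"; status=1
    fi
    return $status
}

# Constructed sample: a curses pinentry is active and use-agent is commented out.
demo_dir=$(mktemp -d)
printf '# use-agent\n' > "$demo_dir/gpg.conf"
printf 'pinentry-program /usr/local/bin/pinentry-mac\n' > "$demo_dir/gpg-agent.conf"
printf 'gpg:OpenPGP:/usr/local/bin/gpg\npinentry:Passphrase Entry:/usr/local/bin/pinentry-curses\n' |
    check_pinentry_setup "$demo_dir" \
        /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac || true
rm -rf "$demo_dir"
```

Against a live setup, pipe the output of gpgconf --list-components into check_pinentry_setup with "$HOME/.gnupg" and the pinentry path you expect. GnuPG 2.x documents use-agent as a dummy option, so that check matters only when the gpg binary in use is an older 1.x build.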