search

ayushnix / tessen

an interactive menu to autotype and copy pass and gopass data
GNU General Public License v2.0
77 stars 12 forks source link

Feature request: support for smartcards/yubikey #22

Closed Sohex closed 1 year ago

Sohex commented 2 years ago

I have gopass setup to use a gpg key that lives on my yubikey. This works fine with tessen as well, except for when I need to use a password to unlock it. Where gopass would normally prompt me with pinentry tessen doesn't generate any kind of prompt at all. This means I have to go enter the pin elsewhere to unlock the yubikey before I can use tessen. Ideally tessen would pop up with a pinentry window when it's necessary.

ayushnix commented 2 years ago

Unfortunately, I don't have a yubikey to test and determine if this is something that tessen needs to fix.

Normally, if the gpg password isn't in gpg-agent, if you use tessen, the pinentry menu does come up and asks for your password. From what you've described, it looks like gopass uses a pinentry prompt to unlock the yubikey? Without a yubikey to test things myself, I don't think I'll be able to do anything about this.

If you can open a PR to fix this issue, I'd be happy to review it.

krevedkokun commented 2 years ago

it works for me

so-rose commented 2 years ago

@Sohex tessen invokes (go)pass, which in turn invokes gpg, which in turn calls gpg-agent which tries to open the smartcard for decrypting a password. If said smartcard is locked, gpg-agent will then use a sensible pinentry to get the smartcard's pin from the user.

If the only installed pinentry is text-based, then without a terminal, nothing happens.

The good news is, all you need to fix the issue a GUI pinentry. The easiest way is something like pinentry-gnome3, which you can also set in your gpg-agent.conf (https://wiki.archlinux.org/title/GnuPG#pinentry) to force its usage. Then, when gpg-agent asks for a pinentry, it'll start up pinentry-gnome3.

@ayushnix This is not a bug in tessen. I'm happily using it with a yubikey as we speak! I would suggest documenting the requirement of having a GUI pinentry and closing the issue.

ayushnix commented 2 years ago

@so-rose Thanks for confirming that hardware keys work as expected when using tessen.

@Sohex Are you still facing this issue? Are you using a GUI pinentry like pinentry-qt or pinentry-gnome3 in ~/.gnupg/gpg-agent.conf?

Sohex commented 1 year ago

Apologies, this was an issue with my pinentry configuration, closing.