On OSX I am not prompted to enter my passphrase for my GPG key

gopasspw / gopassbridge

A web extension for Firefox and Chrome to insert login credentials from gopass

MIT License

264 stars 24 forks source link

On OSX I am not prompted to enter my passphrase for my GPG key #183

Closed prologic closed 3 years ago

prologic commented 4 years ago

I followed the instructions for setting this all up and it works wonderfully from the command-line, but the bridge/extension for Chrome fails to decrypt any passwords presumably because:

It doesn't prompt me to enter a passphrase for the GPG key
The opened GPG key is not currently in my running GPG agent

The only way it will work is if I use gopass show -c ... on the command-line, enter my passphrase thus now my gpg-agent now has my opened secret key.

I'm quite sure I've misconfigured or am missing something. But I'm not sure what?

IntelligentesTierMaulApollo13 commented 3 years ago

I'm not sure you misconfigured anything. I've got exactly the same problem that you describe since a few weeks (don't know the exact date) and I cannot figure out why. But as I wrote in a comment to another issue describing a very similar issue I am not all convinced that is a bug in gopassbridge. Trying to excute the command echo '{"type":"getLogin","entry":"account/github.com/IntelligentesTierMaulApollo13"}' | ./test-client | gopass-jsonapi listen returns the same error message I see when I try to login to github.com using gopassbridge.

Perhaps you also want to try this. Check https://github.com/gopasspw/gopass/issues/1037#issuecomment-437586075 for more info...

martinhoefling commented 3 years ago

What pinentry program are you using?

ook commented 3 years ago

I meet relatively similar condition. On day to day, I use 2 differents gpg keys directly from my disk and 1 gpg key on a Yubikey, all handled by gpg-agent. It seems the "active" key is the last I unlock from the command line: my Yubikey has my signing key for github, one of my gpg key on disk is used for gopass. If I commit something, I'll have to unlock my key via gopass show -c … on terminal to be able to use again gopassbridge in my browser. Then I'll have to use gpg --card-status to be able to sign again a commit with my Yukibey. As stated by https://github.com/gopasspw/gopassbridge/issues/183#issuecomment-743275657 it started some weeks between end of november / start of december.

prologic commented 3 years ago

I realized what I had done wrong and was missing in the end.

I forgot to install pinentry-mac and configure it.

Solution::

$ brew install pinentry-mac
$ echo 'pinentry-program /usr/local/bin/pinentry-mac' >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
$ eval $(gpg-agent --daemon)