jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0

Respect PINENTRY_USER_DATA=USE_CURSES=1 #26

Open jgresty opened 2 years ago

jgresty commented 2 years ago

pinentry-mac falls back to pinentry-curses if the env var PINENTRY_USER_DATA=USE_CURSES=1 is set; however, pinentry-touchid does not respect this and will always prompt for Touch ID.

This is needed when pinentry is requested over a remote connection where the user has no physical access to the system, i.e. SSH sessions.

jorgelbg commented 2 years ago

Oh, interesting, I hadn't considered this use case TBH 😅.

Myridium commented 2 years ago

Is this option unique to pinentry-mac or is it something which is respected by other pinentry programs too?

jgresty commented 2 years ago

PINENTRY_USER_DATA is used by gpg-agent to pass data to the underlying pinentry process; however, USE_CURSES is unique to macOS, as pinentry normally uses the DISPLAY variable on other platforms.

https://github.com/GPGTools/pinentry/blob/b7195e9d4c098ea315e18ade3b4dab210492fadf/macosx/main.m#L67
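
One way the fallback requested in this issue could be checked, as an added example that is not code from pinentry-touchid or pinentry-mac. The function names, the separator set used to split the value, the exact-token match and locating pinentry-curses on PATH are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

// wantsCurses reports whether PINENTRY_USER_DATA asks for the curses prompt.
// Assumption: flags are separated by space , ; or : and must match exactly.
func wantsCurses(userData string) bool {
	tokens := strings.FieldsFunc(userData, func(r rune) bool {
		return r == ' ' || r == ',' || r == ';' || r == ':'
	})
	for _, t := range tokens {
		if t == "USE_CURSES=1" {
			return true
		}
	}
	return false
}

// fallbackPinentry returns the terminal pinentry to hand over to, or "" when
// the Touch ID flow should run. A missing binary is an error, not a silent skip.
func fallbackPinentry(userData string, lookPath func(string) (string, error)) (string, error) {
	if !wantsCurses(userData) {
		return "", nil
	}
	path, err := lookPath("pinentry-curses")
	if err != nil {
		return "", fmt.Errorf("USE_CURSES=1 requested but pinentry-curses is unavailable: %w", err)
	}
	return path, nil
}

func main() {
	path, err := fallbackPinentry(os.Getenv("PINENTRY_USER_DATA"), exec.LookPath)
	if err == nil && path != "" {
		// Replace this process so gpg-agent's session on stdin/stdout carries on.
		err = syscall.Exec(path, append([]string{path}, os.Args[1:]...), os.Environ())
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "pinentry fallback:", err)
		os.Exit(1)
	}
	// The Touch ID prompt would start here (not shown).
}
```

Returning an error when pinentry-curses cannot be found keeps a remote session from being left waiting on a Touch ID prompt that nobody at the machine can answer.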