jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0

Update the root README with verbose configuration information #6

Closed rickosborne closed 2 years ago

rickosborne commented 3 years ago

To help out people who may not be super familiar with GPG configuration, and may have trouble debugging.

This is probably far too verbose as-is, but it's an abbreviated version of the steps in #3.

Gby56 commented 3 years ago

I'm still struggling to understand why my Touch ID won't be prompted, and I have exactly the same setup as you're describing :/ My keychain has saved the gpg key's passphrase, I replaced my pinentry-program with /usr/local/bin/pinentry-touchid and it doesn't work... Git signing with pinentry-mac works though, but I only have to put my key passphrase once and it stays in memory (probably cache). I tried adding default-cache-ttl 1 max-cache-ttl 1 but it's not working.

0x3333 commented 2 years ago

My pinentry-mac doesn't have an option to Save to Keychain, so I cannot use pinentry-touchid. I tried everything I could. Tried GnuPG package, but nothing works.

0x3333 commented 2 years ago

Looks like the problem is a missing key in defaults:

defaults write org.gpgtools.pinentry-mac DisableKeychain -bool no

You must set this to NO, otherwise, it will be "true" and doesn't show, even if you have UseKeychain = yes.

inakiabt commented 2 years ago

I can't get pinentry-mac to display the Save in keychain option, I've already tried:

jorgelbg commented 2 years ago

@inakiabt Can you check if any of the suggestions in this thread helps?

inakiabt commented 2 years ago

@jorgelbg

killall gpg-agent
killall gpg2
killall gpg
killall dirmngr

Made it work. Thanks!

FYI:

$ defaults read org.gpgtools.common
{
    DisableKeychain = 0;
    UseKeychain = YES;
}

jorgelbg commented 2 years ago

Happy to hear that it is working! 🎉

pinentry-touchid should've been able to persist the password in the keychain even without the "Save in keychain" option in pinentry-mac. Curious why it didn't work 🤔. Would you mind sharing the logs from $TMPDIR/pinentry-touchid.log?

inakiabt commented 2 years ago

Since I wasn't seeing the "Save in keychain" option I didn't save my passphrase and then try pinentry-touchid 😅 I lost the logs at some point.

I'm automating this setup for my "dotfiles" setup, so I will try it in the virtual machine I'm using to see if I can reproduce it and let you know.
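
Added example, not part of any comment above and not the project's own code: a read-only shell check that collects the settings discussed in this thread (the pinentry-program entry in gpg-agent.conf, the DisableKeychain / UseKeychain defaults in the two domains mentioned, and the log file location). The function names and the `--check` switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Read-only diagnostics for a pinentry-touchid setup (illustrative helper names).

# Print the pinentry-program value from a gpg-agent.conf.
# Commented-out lines are ignored; if several entries exist, the last is printed.
agent_pinentry() {
    [ -r "$1" ] || return 1
    awk '$1 == "pinentry-program" { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
         END { if (v != "") print v; else exit 1 }' "$1"
}

# Return 0 when the config points gpg-agent at pinentry-touchid, 1 otherwise.
check_agent_conf() {
    prog=$(agent_pinentry "$1") || { echo "no pinentry-program in $1"; return 1; }
    case $prog in
        */pinentry-touchid) echo "pinentry-program: $prog" ;;
        *) echo "pinentry-program is $prog, not pinentry-touchid"; return 1 ;;
    esac
    [ -x "$prog" ] || echo "warning: $prog is not executable on this machine"
}

# Show the keychain-related defaults in both domains named in the thread.
# Returns 2 when the macOS `defaults` tool is not available.
check_keychain_defaults() {
    command -v defaults >/dev/null 2>&1 || { echo "defaults not found"; return 2; }
    for domain in org.gpgtools.common org.gpgtools.pinentry-mac; do
        for key in DisableKeychain UseKeychain; do
            val=$(defaults read "$domain" "$key" 2>/dev/null) || val="(unset)"
            echo "$domain $key = $val"
        done
    done
}

# Run everything only when asked to, so the file can also be sourced.
case ${1:-} in
    --check)
        check_agent_conf "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
        check_keychain_defaults
        log=${TMPDIR:-/tmp}/pinentry-touchid.log
        if [ -f "$log" ]; then echo "log file: $log"; fi
        ;;
esac
```

Nothing here changes configuration or restarts the agent; after editing gpg-agent.conf or the defaults, the running agent still has to be stopped as shown earlier in the thread before the new settings apply.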