Adds a pinentry option to sbt-pgp, by using the --pinentry-mode loopback option specified in https://wiki.archlinux.org/index.php/GnuPG#Unattended_passphrase

Adds a useGpgPinentry boolean key that if set with useGpg and useGpgAgent set, will use a specialized signer CommandLineGpgPinentrySigner.

This is useful when using GPG with gpg-agent and a smartcard device with OpenPGP support. In this situation, there is no local secring on the hard drive, and the secret key is kept on the card itself.
TODO
Testing
This is currently missing ways to effectively test for pinentry. https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058741.html suggests PINENTRY_USER_DATA and fake-pinentries.
Right now I'm testing this locally:
and then killing gpg-agent to ensure that the PIN is not cached, and running publishLocalSigned:
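Added example, not part of the original pull request or of sbt-pgp: a minimal fake pinentry of the kind the mailing-list thread in the Testing section suggests, answering GETPIN with the value of PINENTRY_USER_DATA over the Assuan dialogue gpg-agent uses. The file name `fake-pinentry` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Fake pinentry for automated signing tests (constructed example).
# gpg forwards PINENTRY_USER_DATA from its own environment through
# gpg-agent to the pinentry program, so a test can inject a throwaway
# PIN without any interactive prompt.

# Percent-escape '%' so the PIN is valid on an Assuan data ("D") line.
# Single-line PINs only; CR/LF are not expected in a PIN.
assuan_escape() {
    printf '%s' "$1" | sed -e 's/%/%25/g'
}

# Speak the server side of the pinentry dialogue on stdin/stdout.
fake_pinentry() {
    echo "OK Pleased to meet you"
    while IFS= read -r line; do
        case "$line" in
            GETPIN*)
                if [ -z "${PINENTRY_USER_DATA:-}" ]; then
                    # No PIN supplied: report a cancel (pinentry source,
                    # "canceled" code) instead of returning an empty PIN.
                    echo "ERR 83886179 Operation cancelled <Pinentry>"
                else
                    echo "D $(assuan_escape "$PINENTRY_USER_DATA")"
                    echo "OK"
                fi ;;
            BYE*)
                echo "OK closing connection"
                return 0 ;;
            *)
                # OPTION, SETDESC, SETPROMPT, ... are acknowledged and ignored.
                echo "OK" ;;
        esac
    done
}

# Run the dialogue only when installed under the assumed name, so the
# functions above can also be sourced by a test harness.
case "$0" in
    *fake-pinentry*) fake_pinentry ;;
esac
```

To use it, save the script as an executable `fake-pinentry` and point a test-only GnuPG home's `gpg-agent.conf` at it with `pinentry-program`.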