pinentry-support

[shibumi]

Hi,

nice project! It would be cool to have pinentry support like bemenu has via pinentry-bemenu.

[l4l]

Hey, thanks for reaching out. I've never used the pinentry yet, so could you please describe the usecase in more details. I want to ensure that it does not fits the dialog mode for example.

[shibumi]

pinentry is a small collection of dialog programs that allow GnuPG to read passphrases and PIN numbers in a secure manner. There are versions for the common GTK and Qt toolkits as well as for the text terminal (Curses).

With bemenu (a demenu like menu) a menu pops up when I use my Yubikey and it asks me for a PIN code.

[l4l]

Is there something that trigger program launch or you do it manually? I have no Yubikey, but would like to test is somehow.

[shibumi]

@l4l you can test it without a yubikey as well. Just install Gnupg and set the following in your gpg-agent.conf file located in $HOME/.gnupg/gpg-agent.conf:

allow-loopback-pinentry
pinentry-program /usr/bin/<your pinentry program>
max-cache-ttl 60480000
default-cache-ttl 60480000

If you just want to have a look on how this work, you could install one of the following pinentry programs for playing around with it:

pinentry usr/bin/pinentry-curses
pinentry usr/bin/pinentry-emacs
pinentry usr/bin/pinentry-gnome3
pinentry usr/bin/pinentry-gtk-2
pinentry usr/bin/pinentry-qt
pinentry usr/bin/pinentry-tty

Just generate a new GPG key... seal it with a password and try to do operations with it. For example encrypting a file with GPG. This will trigger the pinentry menu where you will be asked for a password of the sealed GPG key.

[shibumi]

More Information can be found here: https://github.com/gpg/pinentry

[skewballfox]

btw, I think pin-entry is also used by things like gnome-keyring and (I believe) systemd when it needs to prompt a user for authentication