pinentry does not work with emacs editor
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pinentry (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Emacs supports entering GnuPG passwords in a mini-buffer. This is a common scenario when running Emacs on a remote machine, e.g., to commit to a GIT repository. Password entry is implemented by calling pinentry, which provides a secure protocol between GnuPG and Emacs.
Unfortunately, the Debian 11/Ubuntu 22.04 implementation of pinentry does not work properly: A password can only be entered in a windowed environment using a (e.g., Gnome3) pop-up window - not in an Emacs mini-buffer. And if Emacs is run in tty mode, a password cannot be entered at all since pinentry-curses competes with Emacs for I/O. In the particular case of Ubuntu 22.04, replacing the pinentry package(s) with those from Fedora 36 resolves the issue.
Configuration:
In Emacs, install the (Emacs) package `pinentry' along with the following lines in ~/.emacs (or other init file):
(require 'pinentry)
(setq epg-pinentry-mode 'loopback)
(pinentry-start)
Install GnuPG. Create a password-protected secret key (e.g., `gpg --full-
allow-loopback-
allow-emacs-
Add the GnuPG key id to GIT config:
gpg_key_id=$(
gpg --list-secret-keys --keyid-format long |
awk '/^sec\s+ed25519/ { print gensub(/.*\//, "", 1, $2) }'
)
git config --global commit.gpgsign true
git config --global user.signingkey $gpg_key_id
Kill any existing gpg-agent (e.g., `pkill -U $USER -f gpg-agent` or `systemctl --user stop gpg-agent.
Now, edit a GIT repository with Emacs and commit the changes using, e.g., Emacs package `magit'.
The attached image shows the expected password prompt in an Emacs mini-buffer.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: pinentry-gnome3 1.1.1-1build2 [modified: usr/bin/
ProcVersionSign
Uname: Linux 5.15.0-46-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed Aug 17 20:02:51 2022
InstallationDate: Installed on 2021-08-01 (381 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
SourcePackage: pinentry
UpgradeStatus: Upgraded to jammy on 2022-04-29 (110 days ago)
Entering a GnuPG passphrase in the Emacs minibuffer evidently does work with Ubuntu/Debian pinentry. To enable this, add to ~/.gnupg/gpg.conf the line:
pinentry-mode loopback
and add to ~/.gnupg/gpg-agent.conf the line:
allow-loopback-pinentry
That's it. Restart gpg-agent, open a text file, then write it (C-x C-w) to disk with a .gpg extension. You'll be prompted in the Emacs minibuffer to enter a passphrase for encryption.
The more complicated method described above uses the external Emacs package pinentry.el and does not modify ~/.gnupg/gpg.conf. The prompt that appears in the Emacs minibuffer is more informative, but otherwise the result is the same...
-AM
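A check for the two settings named in the comment above, added here as an example; it is not part of the original bug report or of GnuPG/pinentry. The function names and the temporary directory with its file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory for the loopback settings
# "pinentry-mode loopback" (gpg.conf) and "allow-loopback-pinentry"
# (gpg-agent.conf). Function names are hypothetical.

# has_option FILE OPTION [VALUE]
# Succeeds if FILE contains an active line "OPTION" (or "OPTION VALUE").
# Lines whose first non-blank character is '#' are treated as comments.
has_option() {
    [ -r "$1" ] || return 1
    awk -v opt="$2" -v val="$3" '
        /^[ \t]*#/ { next }
        $1 == opt && (val == "" || $2 == val) { found = 1 }
        END { exit !found }
    ' "$1"
}

# check_loopback [GNUPGHOME]
# Prints one status line per setting; the return code is the number missing.
check_loopback() {
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    missing=0
    if has_option "$home/gpg.conf" pinentry-mode loopback; then
        echo "ok:      $home/gpg.conf: pinentry-mode loopback"
    else
        echo "missing: $home/gpg.conf: pinentry-mode loopback"
        missing=$((missing + 1))
    fi
    if has_option "$home/gpg-agent.conf" allow-loopback-pinentry; then
        echo "ok:      $home/gpg-agent.conf: allow-loopback-pinentry"
    else
        echo "missing: $home/gpg-agent.conf: allow-loopback-pinentry"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Demo on a constructed directory: the agent option is commented out,
# so the check reports it as missing.
demo=$(mktemp -d)
printf 'pinentry-mode loopback\n' > "$demo/gpg.conf"
printf '#allow-loopback-pinentry\n' > "$demo/gpg-agent.conf"
check_loopback "$demo" || echo "settings missing: $?"
rm -rf "$demo"
```

Run `check_loopback` with no argument to inspect `$GNUPGHOME` or `~/.gnupg`; a running gpg-agent only picks up changes to gpg-agent.conf after it is restarted.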