<p>GPGTools: Discussion 2020-07-23T15:16:05Z</p>
<p>pinentry-mac: use apple watch / touchID to unlock gpg key</p>

<p>2020-02-10T12:58:00Z</p>
<div><p>Hi floge77,</p>
<p>welcome to the GPGTools support platform. And thanks for taking the time to ask about this feature request.</p>
<p>Touch ID is a mechanism to unlock a password stored in a certain location. This works well for apps like 1Password. It does not work well for GPG Mail as that is not an app but a mail plugin.</p>
<p>So storing the password in macOS keychain is still the best option. Note that the passwords in macOS keychain are protected with your user password. If you are worried about leaving your mac unlocked, that is indeed a problem if your mac lives in a shared environment. The best solution to that problem is using an automatic screensaver which is password protected. Not owning an Apple Watch, but maybe it is possible to use the watch to lock your mac as soon as you leave it.</p>
<p>Hope this helps,<br>
Steve</p></div>
<p>Steve</p>

<p>2020-02-10T13:41:36Z</p>
<div><p>Hi Steve,<br>
thanks for your thoughts, but I guess there is a misunderstanding.<br>
My proposal or feature request is not for GPG Mail, but for pinentry-mac: <a href="https://github.com/GPGTools/pinentry-mac">https://github.com/GPGTools/pinentry-mac</a></p>
<p>I would love to have a button there which I then can use to paste the password to pinentry-mac / unlock the gpg key.<br>
See the screenshot attached.</p>
<p>Best regards<br>
Florian</p></div>
<p>Florian</p>

<p>2020-02-10T16:06:16Z</p>
<div><p>As I tried to point out: pinentry-mac is not capable of storing the password in its own storage as there is no such thing (currently). There would be little to no added security compared to storing the password in macOS keychain with a mac, which is locked whenever you leave it, which would be the best practice in shared office spaces and the like.</p></div>
<p>Steve</p>

<p>2020-06-24T12:34:04Z</p>
<div><p>Is it possible to use macOS keychain to store / cache the password, but be prompted for TouchID every time pinentry-mac wants to use it?</p>
<p>I'm content trusting macOS keychain, but am looking for a way to use biometrics to authorise every use of my GPG key, particularly when forwarding it via SSH tunnels to remote systems I perform maintenance on.</p>
<p>I've been spoilt by macOS sudo integration with TouchID [1], and would love to use it with GPG.</p>
<p>.. [1] TouchID for sudo is opt-in, cf. <a href="https://apple.stackexchange.com/a/306324/21948">https://apple.stackexchange.com/a/306324/21948</a></p></div>
<p>Robert Meerman</p>

<p>2020-06-24T15:25:56Z</p>
<div><p>Hi Robert,</p>
<p>unfortunately we don't think that this is possible.<br>
If you have an easier-to-type macOS password, the closest you can get is being asked for that every time you are trying to sign or decrypt some content.</p>
<p>If you are interested in that I'd be happy to guide you through configuration.</p></div>
<p>Luke Le</p>

<p>2020-06-24T15:53:06Z</p>
<div><p>Thanks for replying and the offer of assistance. I'm comfortable setting it up myself.</p>
<p>Regards,<br>
Robert</p></div>
<p>Robert Meerman</p>