MacGPG: pinentry-mac does not show the keychain checkbox

lips_torn.0s's Avatar

lips_torn.0s

03 Dec, 2021 05:52 AM

Which of our tools is giving you problems?

pinentry-mac (pinentry) 1.1.1

Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):

Describe your problem. Add as much detail as possible. Decoding a gpg file opens the pinentry-mac, but I cannot find the option to store the passcode in the macOS keychain at all. Please, refer to the screenshot.

What did you expect instead The check-box of storing it in keychain should show up

Describe steps leading to the problem. brew install gnupg pinentry-mac

gpg -o aaa.txt.gpg -c -e aaa.txt

gpg -d aaa.txt.gpg

Are you using any other Mail.app plugins? No

  1. 1 Posted by lips_torn.0s on 03 Dec, 2021 06:17 AM

    lips_torn.0s's Avatar

    Just wondering if it is encrypted in symmetric key, won't it show up the keychain option?

  2. Support Staff 2 Posted by Steve on 03 Dec, 2021 07:18 PM

    Steve's Avatar

    Hi there,

    thanks for reaching out.

    You already found the correct explanation. For symmetric encryption the password / passphrase cannot be stored in macOS keychain.

    All the best,
    Steve

  3. 3 Posted by lips_torn.0s on 03 Dec, 2021 07:34 PM

    lips_torn.0s's Avatar

    Thanks for the explanation.

    Can you explain or document why it has changed? It stores them in a macOS keychain even though it is symmetric encryption.

  4. Support Staff 4 Posted by Steve on 03 Dec, 2021 08:43 PM

    Steve's Avatar

    It does store the password for symmetric encrypted files or text for you?

  5. 5 Posted by lips_torn.0s on 03 Dec, 2021 09:27 PM

    lips_torn.0s's Avatar

    I don't know what was stored in the macOS keychain. :) I think you're the expert? :)

    Anyway, I believe it stored the passphrase in the macOS keychain before, even though it used symmetric encryption.

    Now, when I try to encrypt a file with the symmetric algorithm, it does not ask whether I want to put the passphrase into the macOS keychain or not.

    I wonder when this has been changed so that I can update my gpg handling script by looking at the gpg version.

    If there is a document, let me know. Thanks!

  6. Support Staff 6 Posted by Luke Le on 03 Dec, 2021 09:38 PM

    Luke Le's Avatar

    Hi,

    you are using gnupg from homebrew. Homebrew installs the "next-generation" gnupg 2.3 which is not guaranteed to be fully supported by our pinentry-mac. The missing macOS keychain checkbox suggests that that is the issue.

    If you need or like the integration with macOS Keychain, it's best to stick to our version of GnuPG which comes included in GPG Suite.

    Hope that helps.

  7. 7 Posted by lips_torn.0s on 03 Dec, 2021 09:58 PM

    lips_torn.0s's Avatar

    Thank you,

    If I install GPG Suite, does it come with the gpg CLI command tool? If so, would you help me find the path/location of the gpg CLI command tool, please?

  8. 8 Posted by lips_torn.0s on 03 Dec, 2021 10:04 PM

    lips_torn.0s's Avatar

    Is /usr/local/MacGPG2/bin/gpg2 from the GPG Suite?

    If so, would /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac the right pinentry-mac from GPG Suite?

  9. Support Staff 9 Posted by Luke Le on 03 Dec, 2021 10:06 PM

    Luke Le's Avatar

    Yes, correct.

  10. 10 Posted by lips_torn.0s on 03 Dec, 2021 10:32 PM

    lips_torn.0s's Avatar

    Thanks, Luke.

    But, they still do not allow to use macOS keychain for encrypting a file with the symmetric key.

    Anyway, that's fine. As long as the symmetric encryption does not allow the macOS keychain, I will keep this in mind and update my script with this information.

    Thanks,

  11. Support Staff 11 Posted by Luke Le on 03 Dec, 2021 10:45 PM

    Luke Le's Avatar

    That is correct. Personally I think it would be confusing for symmetric encryption.

    Also keep in mind, gnupg has a local cache as well, so if you see that if you decrypt the same file within a short timeframe and yon are only asked for the passphrase once, it‘s the cache kicking in.

  12. 12 Posted by lips_torn.0s on 03 Dec, 2021 11:49 PM

    lips_torn.0s's Avatar

    that's right. Thanks!

  13. Support Staff 13 Posted by Steve on 06 Dec, 2021 12:11 AM

    Steve's Avatar

    Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best,
    Steve

  14. Steve closed this discussion on 06 Dec, 2021 12:11 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac