MacGPG: when using SSH, always prompted for passphrase even though it's saved in keychain

(anonymous)

07 May, 2022 02:43 PM

I'm running Monterey 12.3.1 + GPG Suite 2022.1 on 2 Macs (Intel MacBook Air and M1 Mac Mini). I saved my GPG passphrase in Keychain.

Basically it's working well, but I have followed https://gpgtools.tenderapp.com/kb/faq/enter-passphrase-with-pinentr... in my ~/.bash_profile to ensure that pinentry-mac prompts via Terminal instead of opening up the GUI window in case it needs to prompt for the passphrase.

if [[ -n "$SSH_CONNECTION" ]]; then
    export PINENTRY_USER_DATA="USE_CURSES=1"
fi

The issue is, no matter what I do, if I leave this code in my .bash_profile, I always get prompted to enter my passphrase, even if it's saved in keychain and I am sure my keychain is unlocked, gpg-agent is running etc.

Am I doing something wrong? Any tips for debugging why pinentry is prompting instead of reading from the keychain if USE_CURSES is set? I tried running echo test | gpg --debug-all --clearsign but tbh it dumps so much info that I am not sure where to begin.

  1. Support Staff 1 Posted by Luke Le on 24 May, 2022 09:28 PM

    Hi!

    This is unfortunately a caveat of macOS that doesn't grant access to a user's keychain unless the user has previously manually unlocked it via the graphical user interface.
    You could try that by logging on to the machine via VNC, running a gpg sign command from Terminal (via VNC), and after that running the command again from your local Mac via SSH.

    Does that work?

  2. Steve closed this discussion on 19 Aug, 2022 02:01 PM.
