MacGPG: when using SSH, always prompted for passphrase even though it's saved in keychain
I'm running Monterey 12.3.1 + GPG Suite 2022.1 on 2 Macs (Intel MacBook Air and M1 Mac Mini). I saved my GPG passphrase in Keychain.
Basically it's working well, but I have followed https://gpgtools.tenderapp.com/kb/faq/enter-passphrase-with-pinentr... in my ~/.bash_profile to ensure that pinentry-mac prompts via Terminal instead of opening up the GUI window in case it needs to prompt for the passphrase.
if [[ -n "$SSH_CONNECTION" ]]; then
    export PINENTRY_USER_DATA="USE_CURSES=1"
fi
The issue is, no matter what I do, if I leave this code in my .bash_profile, I always get prompted to enter my passphrase, even if it's saved in keychain and I am sure my keychain is unlocked, gpg-agent is running etc.
Am I doing something wrong? Any tips for debugging why pinentry is prompting instead of reading from the keychain if USE_CURSES is set? I tried running echo test | gpg --debug-all --clearsign but tbh it dumps so much info that I am not sure where to begin.
Support Staff 1 Posted by Luke Le on 24 May, 2022 09:28 PM
Hi!
This is unfortunately a caveat of macOS that doesn't grant access to a user's keychain unless the user has previously manually unlocked it via the graphical user interface.
You could try that by logging on to the machine via VNC, running a sign gpg command from Terminal (via VNC), and after that running the command again from your local Mac via SSH.
Does that work?
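For the "where to begin" part of the question, a smaller check than `--debug-all`, given here as an added example that is not part of the thread and not GPGTools code: it reports which prompt path the SSH shell selects and whether gpg-agent already has each key's passphrase cached, since pinentry is only asked when the agent has no cached passphrase. The function names and the `--run` switch are hypothetical; the `S KEYINFO` field order is assumed to be the one gpg-agent prints for `keyinfo --list`.

```shell
#!/bin/sh
# Added triage sketch, not GPGTools code. Run it inside the SSH session.

# Which prompt path this shell selects, based on the .bash_profile snippet
# from the question (SSH_CONNECTION and PINENTRY_USER_DATA).
session_mode() {
    if [ -z "${SSH_CONNECTION:-}" ]; then
        echo "local"
        return 0
    fi
    case "${PINENTRY_USER_DATA:-}" in
        *USE_CURSES=1*) echo "ssh-curses" ;;
        *)              echo "ssh-gui" ;;
    esac
}

# Classify one gpg-agent status line of the assumed form
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# Constructed sample: S KEYINFO 0123...4567 D - - 1 P - - -
# Prints "<keygrip> cached" or "<keygrip> not-cached"; fails on other lines.
keyinfo_cached() {
    printf '%s\n' "$1" | awk '
        $1 == "S" && $2 == "KEYINFO" {
            print $3, ($7 == "1" ? "cached" : "not-cached")
            found = 1
        }
        END { exit !found }'
}

# Live check: list every secret key the agent knows and its cache state.
triage() {
    echo "session: $(session_mode)"
    command -v gpg-connect-agent >/dev/null 2>&1 || {
        echo "gpg-connect-agent not found"; return 1; }
    gpg-connect-agent 'keyinfo --list' /bye 2>/dev/null |
    while IFS= read -r line; do
        keyinfo_cached "$line" || true
    done
}

# Only touch the real agent when asked to: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then
    triage
fi
```

A key shown as `not-cached` in an `ssh-curses` session is one for which the agent will call pinentry on the next signing operation; running the same check before and after the VNC step suggested above shows whether that step changed anything.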