MacGPG: when using SSH, always prompted for passphrase even though it's saved in keychain

(anonymous)

07 May, 2022 02:43 PM

I'm running Monterey 12.3.1 + GPG Suite 2022.1 on 2 Macs (Intel MacBook Air and M1 Mac Mini). I saved my GPG passphrase in Keychain.

Basically it's working well, but I have followed https://gpgtools.tenderapp.com/kb/faq/enter-passphrase-with-pinentr... in my ~/.bash_profile to ensure that pinentry-mac prompts via Terminal instead of opening up the GUI window in case it needs to prompt for the passphrase.

if [[ -n "$SSH_CONNECTION" ]]; then
    export PINENTRY_USER_DATA="USE_CURSES=1"
fi

The issue is, no matter what I do, if I leave this code in my .bash_profile, I always get prompted to enter my passphrase, even if it's saved in keychain and I am sure my keychain is unlocked, gpg-agent is running etc.

Am I doing something wrong? Any tips for debugging why pinentry is prompting instead of reading from the keychain if USE_CURSES is set? I tried running echo test | gpg --debug-all --clearsign but tbh it dumps so much info that I am not sure where to begin.

  1. Support Staff 1 Posted by Luke Le on 24 May, 2022 09:28 PM

    Hi!

    This is unfortunately a caveat of macOS, which doesn't grant access to a user's keychain unless the user has previously manually unlocked it via the graphical user interface.
    You could try that by logging on to the machine via VNC, running a gpg sign command from Terminal (via VNC), and after that running the command again from your local Mac via SSH.

    Does that work?
