GPGTools: Discussion 2022-08-19T14:01:43Z
MacGPG: when using SSH, always prompted for passphrase even though it's saved in keychain
2022-05-07T14:43:01Z 2022-05-09T13:30:29Z
<div><p>I'm running Monterey 12.3.1 + GPG Suite 2022.1 on 2 Macs (Intel MacBook Air and M1 Mac Mini). I saved my GPG passphrase in Keychain.</p>
<p><strong>Basically</strong> it's working well, but I have followed <a href="https://gpgtools.tenderapp.com/kb/faq/enter-passphrase-with-pinentry-in-terminal-via-ssh-connection">https://gpgtools.tenderapp.com/kb/faq/enter-passphrase-with-pinentr...</a> in my <code>~/.bash_profile</code> to ensure that <code>pinentry-mac</code> prompts via Terminal instead of opening up the GUI window in case it needs to prompt for the passphrase.</p>
<pre>
<code># Over SSH, have pinentry-mac prompt in the terminal instead of opening the GUI window
if [[ -n "$SSH_CONNECTION" ]]; then
    export PINENTRY_USER_DATA="USE_CURSES=1"
fi</code>
</pre>
<p>The issue is, no matter what I do, if I leave this code in my .bash_profile, I <strong>always</strong> get prompted to enter my passphrase, even if it's saved in keychain and I am sure my keychain is unlocked, gpg-agent is running etc.</p>
<p>Am I doing something wrong? Any tips for debugging why pinentry is prompting instead of reading from the keychain if <code>USE_CURSES</code> is set? I tried running <code>echo test | gpg --debug-all --clearsign</code> but tbh it dumps so much info that I am not sure where to begin.</p></div>(anonymous)
2022-05-24T21:28:56Z
<div><p>Hi!</p>
<p>This is unfortunately a caveat of macOS that doesn't grant access to a user's keychain unless the user has previously manually unlocked it via the graphical user interface.<br>
You could try that by logging on to the machine via VNC, running a sign gpg command from Terminal (via VNC), and after that running the command again from your local Mac via SSH.</p>
<p>Does that work?</p></div>Luke Le