enable pinentry in emacs minibuffer to fix missing letters
parent
30e0acdfab
commit
8f5a806f23
1 changed files with 51 additions and 3 deletions
54
init.org
|
@ -358,10 +358,58 @@ The *pass* command gives a super practical way to store secrets
|
|||
encrypted using *gpg* and use them in *.envrc* files, batch scripts on the
|
||||
command line and, of course, in *Emacs*.
|
||||
|
||||
|
||||
|
||||
For setups with GnuPG >= 2.1, pinentry package is not needed anymore.
|
||||
|
||||
Quote from the Emacs News.26 file:
|
||||
|
||||
*** The pinentry.el library has been removed.
|
||||
That package (and the corresponding change in GnuPG and pinentry)
|
||||
was intended to provide a way to input passphrase through Emacs with
|
||||
GnuPG 2.0. However, the change to support that was only implemented
|
||||
in GnuPG >= 2.1 and didn't get backported to GnuPG 2.0. And with
|
||||
GnuPG 2.1 and later, pinentry.el is not needed at all. So the
|
||||
library was useless, and we removed it. GnuPG 2.0 is no longer
|
||||
supported by the upstream project.
|
||||
|
||||
To adapt to the change, you may need to set 'epa-pinentry-mode' to the
|
||||
symbol 'loopback'. Alternatively, leave 'epa-pinentry-mode' at its
|
||||
default value of nil, and remove the 'allow-emacs-pinentry' setting
|
||||
from your 'gpg-agent.conf' configuration file, usually found in the
|
||||
'~/.gnupg' directory.
|
||||
|
||||
Note that previously, it was said that passphrase input through
|
||||
minibuffer would be much less secure than other graphical pinentry
|
||||
programs. However, these days the difference is insignificant: the
|
||||
'read-password' function sufficiently protects input from leakage to
|
||||
message logs. Emacs still doesn't use secure memory to protect
|
||||
passphrases, but it was also removed from other pinentry programs as
|
||||
the attack is unrealistic on modern computer systems which don't
|
||||
utilize swap memory usually.
|
||||
|
||||
See also a discussion on why pinentry was removed from Emacs core.
|
||||
|
||||
So a setup may now consist of:
|
||||
|
||||
In Emacs' user-init-file:
|
||||
|
||||
#+BEGIN_SRC elisp
|
||||
(require 'epg)
|
||||
(setq epg-pinentry-mode 'loopback)
|
||||
#+END_SRC
|
||||
|
||||
In ~/.gnupg/gpg-agent.conf:
|
||||
|
||||
#+BEGIN_SRC text :tangle no
|
||||
allow-emacs-pinentry
|
||||
# on Mac OS
|
||||
pinentry-program /usr/local/bin/pinentry-mac
|
||||
#+END_SRC
|
||||
|
||||
*** Enable pass secrets
|
||||
|
||||
#+BEGIN_SRC emacs-lisp
|
||||
;; enable unix password-store
|
||||
;;(use-package epg)
|
||||
;;(setq epg-pinentry-mode 'loopback)
|
||||
(auth-source-pass-enable)
|
||||
#+END_SRC
|
||||
|
||||
|
|
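Review bot: The gpg-agent.conf snippet under "So a setup may now consist of" sets `allow-emacs-pinentry` alongside `(setq epg-pinentry-mode 'loopback)`, but the NEWS text quoted just above offers these as alternatives: either set the mode to 'loopback', or leave it at nil and remove 'allow-emacs-pinentry'. Neither option pairs loopback with `allow-emacs-pinentry`, so either drop that line from the snippet or add a sentence explaining why it is kept (gpg-agent's own switch for the loopback path is `allow-loopback-pinentry`, if the installed version needs it set explicitly). Two smaller points: the quote names `epa-pinentry-mode` while both code blocks use `epg-pinentry-mode`, so a sentence noting that the latter is the newer name for the same setting would save readers a search; and in the "Enable pass secrets" block the `;;(setq epg-pinentry-mode 'loopback)` line is commented out, so the text should say which block is meant to take effect, given that the commit message says this change enables minibuffer pinentry. The `pinentry-program /usr/local/bin/pinentry-mac` path is installation-specific and could be marked as an example, and "See also a discussion on why pinentry was removed from Emacs core" has no link target in the added text.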