Re: GnuPG passphrase in Emacs minibuffer

[Andrew L. Moore]

On 8/21/22 01:58, Eli Zaretskii wrote:
> > Date: Sun, 21 Aug 2022 00:44:25 -0400
> > From: "Andrew L. Moore" <slewsys@gmail.com>
> >
> > To allow a GnuPG passphrase in the Emacs minibuffer, I use the external
> > Emacs package pinentry.el in loopback mode*:
> >
> > (setq epg-pinentry-mode 'loopback)
> >
> > Unfortunately, this doesn't work on Debain-based systems without
> > upgrading the pinentry source (use: git://git.gnupg.org/pinentry.git).
> >
> > But it turns out that pinentry.el may not be required any more.  It is
> > enough to add to the file ~/.gnupg/gpg.conf the line:
> >
> >       pinentry-mode loopback
> >
> > and to ~/.gnupg/gpg-agent.conf:
> >
> >       allow-loopback-pinentry
> >
> > Restart gpg-agent and that's it.  The most obvious difference is that
> > pinentry.el provides a more informative prompt, e.g.,
> >
> >       [[1399721]@slewsys.org] Please enter the passphrase to unlock the
> > OpenPGP secret key:
> >       "Andrew L. Moore <alm@slewsys.org>"
> >       255-bit EDDSA key, ID 0x0AB16F2E536D3DB5,
> >       created 2021-11-01.:
> >
> > versus when GnuPG runs PINEntry in loopback mode:
> >
> >       Enter passphrase:
>
> This is in Emacs NEWS that shipped with Emacs 26, no?

The Emacs 26 etc/NEWS article about removing pinentry.el appears to be 
incomplete.  I only see mentioned that:

    allow-emacs-pinentry

should be removed from ~/.gnupg/gpg-agent.conf.  This is necessary but 
insufficient. And reference to the variable `epg-pinentry-mode' affects 
only EasyPG, not other contexts like signing commits with Magit.

To allow Magit and other packages to enter a GnuPG passphrase in the 
Emacs minibuffer, the critical step is to add to ~/.gnupg/gpg.conf:

    pinentry-mode loopback

This works for EasyPG as well, without having to set the 
epg-pinentry-mode variable.