Mast Kalandar

bandar's colander of random jamun aur aam

Wed, 24 Dec 2008

Password prompts with pinentry under screen


floss, gpg-agent, screen, ssh

I use public-key based access for a number of things and gpg-agent is a useful way to avoid having to repeatedly type the passphrases needed to unlock the private keys. The agent prompts you for the passphrase and then uses the unlocked keys for a user-determined time period. For a number of reasons it is a "good thing" if this prompting happens in a different interface from the one where the key is being used. In an X window environment this is done by the pinentry-gtk avatar of pinentry, which pops up a new window.

However, I use screen to multiplex operations within a single terminal session, often without an X session. It used to bother me that I could not get pinentry-curses to pop up in a different window. No more ;). Here is a hack that seems to work.

  1. Decide on some location like $HOME/.gnupg/pin-tty and assign it to the variable PINTTY.

  2. Use the additional options --ttyname $PINTTY, --ttytype screen and --keep-tty for gpg-agent.

  3. Start a screen window with the command

    screen -M -t pin socat -,raw,echo=0 PTY,link=$PINTTY

Now every time a program asks gpg-agent to use a secret key, it will invoke pinentry-curses, which will connect to the pin window under screen; the latter will warn you (-M) that something is asking for a passphrase.

It would be nice if one did not have to invoke socat and screen could do step (3) directly.

Is there any way to integrate the use of gpg-agent with openvpn when the latter uses SSL keys?

There may be some security issues with such use! I can't see any at the moment but I may be wrong. :-(
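
With this setup every passphrase is typed through whatever device $PINTTY resolves to, so the link, its directory and the pty behind it should be under your control alone. The following is an added example, not code from the original post: shell functions that wrap step 3 and check ownership and permissions. The function names are hypothetical, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# `stat -c` assumes GNU coreutils or busybox.
PINTTY="${PINTTY:-$HOME/.gnupg/pin-tty}"

owned_by_me() { [ "$(stat -L -c %u "$1" 2>/dev/null)" = "$(id -u)" ]; }
mode_of()     { stat -L -c %a "$1" 2>/dev/null; }

# True if $1 is a directory we own with no group/other permission bits,
# so nobody else can replace the pin-tty link inside it.
dir_is_private() {
    [ -d "$1" ] && owned_by_me "$1" || return 1
    case "$(mode_of "$1")" in *00) return 0 ;; *) return 1 ;; esac
}

# True if $1 is a symlink in a private directory that resolves to a
# character device we own. devpts usually creates ptys as 620 (group tty
# may write), so group write is tolerated; group read or any "other"
# access is refused.
pin_tty_is_safe() {
    [ -L "$1" ] && dir_is_private "$(dirname "$1")" || return 1
    [ -c "$1" ] && owned_by_me "$1" || return 1
    case "$(mode_of "$1")" in *[02]0) return 0 ;; *) return 1 ;; esac
}

# Step 3 from the post, refused unless the link directory is private.
# Run it from inside a screen session.
start_pin_window() {
    dir_is_private "$(dirname "$PINTTY")" || {
        echo "refusing: $(dirname "$PINTTY") is not a private directory" >&2
        return 1
    }
    screen -M -t pin socat -,raw,echo=0 "PTY,link=$PINTTY"
}
```

Call `start_pin_window` inside screen, then run `pin_tty_is_safe "$PINTTY"` before starting gpg-agent with the options from step 2.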


Sun, 07 Dec 2008

A double blow

Tue, 21 Oct 2008

Going for a spin

Mon, 20 Oct 2008

Xen on lenny x86_64

Sun, 05 Oct 2008

Will I be at FOSS.in 2008?

Fri, 26 Sep 2008

Why people write Free Software

Fri, 19 Sep 2008

Fedora Core DomU on Debian Etch

Thu, 04 Sep 2008

Happy Birthday to GNU

Sat, 19 Jul 2008

And Xen there were two

Sun, 13 Jul 2008

Balaram on Institutional Archives

Thu, 10 Jul 2008

DNS cache poisoning quickfix

Wed, 18 Jun 2008

A flipping trick

Tue, 10 Jun 2008

Monopolies, Convenience and Companies that are "not evil"

Sun, 01 Jun 2008

Junk mail stats from May 2008

Tue, 20 May 2008

IMSc eprint server

Fri, 16 May 2008

Computers and I

Thu, 15 May 2008

Converting keys between SSH and SSL

Wed, 14 May 2008

Understanding Large Numbers
Adding comments to the blog

Mon, 12 May 2008

Recovering from a corrupted flash on Debian SLUG

Fri, 09 May 2008

Comparison of the HCL MiLeap X with the eeePC

Thu, 08 May 2008

A spot of "enabling"

Wed, 07 May 2008

Setting up this blog

Thu, 01 May 2008

What’s the point?

Wed, 30 Apr 2008

People pages on "people"

Tue, 22 Apr 2008

Using schroot for virtualizing

Thu, 10 Apr 2008

Typing in Indic Languages

Tue, 01 Apr 2008

Junk mail stats from March 2008

Sun, 23 Mar 2008

Mailman for bulk mail at IMSc

Wed, 12 Mar 2008

Proposal for IMSc web re-organisation

Fri, 07 Mar 2008

Schlafly double-six movie

Tue, 04 Mar 2008

Testing testing or breaking toys

Fri, 29 Feb 2008

What is Langlands' programme?

Sat, 09 Feb 2008

Documenting past mistakes in CC purchases

Mon, 04 Feb 2008

Some significant changes in the IMSc CC since 1997

Tue, 01 Jan 2008

Trying some encouragement
