Mast Kalandar

bandar's colander of random jamun aur aam

Wed, 24 Dec 2008

Password prompts with pinentry under screen


floss, gpg-agent, screen, ssh [link] [comments ()] [raw]

I use public-key based access for a number of things and gpg-agent is a useful way to avoid having to repeatedly type the passphrases needed to unlock the private-keys. The agent prompts you for the passphrase and then uses the unlocked keys for a user-determined time-period. For a number of reasons it is a "good thing" if this prompting happens in a different interface from that where the key is being used. In an X window environment this is done by the pinentry-gtk avatar of pinentry which pops up a new window.

However, I use screen to multiplex operations within a single terminal session, often without an X session. It used to bother me that I could not get pinentry-curses to pop up in a different window. No more ;). Here is a hack that seems to work.

  1. Decide on some location like $HOME/.gnupg/pin-tty and assign it to the variable PINTTY.

  2. Use the additional options --ttypath $PINTTY, --ttytype screen and --keep-tty for gpg-agent.

  3. Start a screen window with the command

    screen -M -t pin socat -,raw,echo=0 PTY,link=$PINTTY

Now everytime a program asks gpg-agent to use a secret-key, it will invoke pinentry-curses which will connect to the pin window under screen; the latter will warn you (-M) that something is asking for a passphrase.

It would be nice if one did not have to invoke socat and screen could do step (3) directly.

Is there any way to integrate the use of gpg-agent with openvpn when the latter uses SSL keys?

There may be some security issues with such use! I can't see any at the moment but I may be wrong. :-(


Archives

< December 2008 >
SuMoTuWeThFrSa
  1 2 3 4 5 6
7 8 910111213
14151617181920
21222324252627
28293031   

2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1997, 1995,