Gpg: Difference between revisions
Latest revision as of 17:19, 22 April 2021
Create strong key
We want an elliptic curve key. It's baked in, but hidden behind --expert:
gpg --expert --full-generate-key
Key kind: (9) ECC and ECC
Elliptic curve: (1) Curve 25519
Don't expire (0)
Real name: Michael Behrns-Miller
email: m@bitpost.com
Passphrase: ****
PIN entry in emacs
It is neckbeard-borked out of the gate. The fix is on the Emacs page, in its GPG section.
PIN entry over ssh
You can in theory decrypt a file over ssh to STDOUT without writing it to disk, but PIN entry fails by default:
ssh secretbox gpg -d secretfile.gpg
Two fixes are required to get PIN entry to work:
- Use curses for PIN entry on the secretbox:
[secretbox] emacs ~/.gnupg/gpg-agent.conf
allow-emacs-pinentry
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-curses
- Tell ssh to allocate a tty with -tt, so pinentry has a terminal to draw on:
ssh -tt secretbox gpg -d secretfile.gpg
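The secretbox-side fix as a script, added here as an example and not part of the original wiki page: it writes the three gpg-agent.conf options idempotently, tightens permissions, and restarts the agent so the new pinentry takes effect. The function names and the --apply switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# --apply switch are hypothetical.

# set_option FILE KEY [VALUE]: leave exactly one active "KEY [VALUE]" line.
set_option() {
    file=$1 key=$2 value=${3:-}
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Drop existing active lines for KEY; comments and other options stay.
        # grep exits 1 when nothing is left, which is not an error here.
        grep -v -E "^[[:space:]]*${key}([[:space:]]|\$)" "$file" > "$tmp" || true
    fi
    if [ -n "$value" ]; then
        printf '%s %s\n' "$key" "$value" >> "$tmp"
    else
        printf '%s\n' "$key" >> "$tmp"
    fi
    # Overwrite in place so an existing file keeps its mode and owner.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# apply_pinentry_conf CONF [PINENTRY]: write the three options from this page.
apply_pinentry_conf() {
    conf=$1 pinentry=${2:-/usr/bin/pinentry-curses}
    confdir=$(dirname "$conf")
    # gpg complains about a group- or world-accessible home directory.
    mkdir -p "$confdir" && chmod 700 "$confdir" || return 1
    set_option "$conf" allow-emacs-pinentry &&
    set_option "$conf" allow-loopback-pinentry &&
    set_option "$conf" pinentry-program "$pinentry" &&
    chmod 600 "$conf"
}

# Run on the secretbox as: sh thisfile --apply
if [ "${1:-}" = "--apply" ]; then
    [ -x /usr/bin/pinentry-curses ] || {
        echo "pinentry-curses is not installed" >&2
        exit 1
    }
    apply_pinentry_conf "$HOME/.gnupg/gpg-agent.conf" || exit 1
    # gpg-agent reads its config only at startup; kill it so the next
    # gpg call starts a fresh agent with the curses pinentry.
    gpgconf --kill gpg-agent
fi
```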