Gpg: Difference between revisions
Latest revision as of 17:19, 22 April 2021
=== Create strong key ===
We want an elliptic curve key.  It's baked in!  But hidden.
 gpg --expert --full-generate-key
   Key kind: (9) ECC and ECC
   Elliptic curve: (1) Curve 25519
   Don't expire (0)
   Real name: Michael Behrns-Miller
   email: [email protected]
   Passphrase: ****
=== PIN entry in emacs ===
It is neckbeard-borked out of the gate.  Fix is [[Emacs#GPG|here]].
=== PIN entry over ssh ===
You can in theory decrypt a file over ssh to STDOUT without writing it to disk, but PIN entry fails by default:
 ssh secretbox gpg -d secretfile.gpg
Two fixes are required to get PIN entry to work:
* Use curses for PIN entry on the secretbox:
 [secretbox] emacs ~/.gnupg/gpg-agent.conf
   allow-emacs-pinentry
   allow-loopback-pinentry
   pinentry-program /usr/bin/pinentry-curses
* Tell ssh to use tty:
 ssh -tt secretbox gpg -d secretfile.gpg
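An added example, not part of the original notes: a POSIX shell helper to run on secretbox that applies the three gpg-agent.conf settings above idempotently, so a stale pinentry-program line does not linger. The function names and the agent reload step are additions assumed here; the page itself only shows editing the file by hand.

```shell
#!/bin/sh
# Added example (not from the original page).
# Function names are hypothetical; option names and the pinentry path
# are the ones given on this page.

# set_agent_option FILE KEY [VALUE]
# Removes any existing setting of KEY, then appends "KEY [VALUE]".
# Comments and unrelated options are left untouched.
set_agent_option() {
    conf=$1
    key=$2
    value=${3-}
    line=$key${value:+ $value}
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Keep every line whose first word is not KEY.
    awk -v k="$key" '$1 != k' "$conf" > "$tmp"
    printf '%s\n' "$line" >> "$tmp"
    # The agent config lives beside private keys: keep it owner-only.
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# apply_pinentry_settings [FILE]
# Writes the three settings from the list above; safe to run repeatedly.
apply_pinentry_settings() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    set_agent_option "$conf" allow-emacs-pinentry
    set_agent_option "$conf" allow-loopback-pinentry
    set_agent_option "$conf" pinentry-program /usr/bin/pinentry-curses
}

# reload_agent
# A running gpg-agent only rereads gpg-agent.conf when told to.
reload_agent() {
    gpg-connect-agent reloadagent /bye
}

# On secretbox:   apply_pinentry_settings && reload_agent
# From the client, -tt gives pinentry-curses a terminal to draw on:
#   ssh -tt secretbox gpg -d secretfile.gpg
```

Because pinentry-curses draws on the same terminal that carries the decrypted output, redirect or pipe the plaintext on the secretbox side rather than on the client if it must stay clean.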