I have an application that runs gpg in batch mode to sign files.
No issues with using gpg:

    $ gpg --passphrase-fd 10 -s -b -a --default-key [hash] 10<z <filetosign

With the secret key's passphrase piped in on file descriptor #10, and the content to sign on standard input, this works just fine, and the following comes out on standard output:

    Reading passphrase from file descriptor 10

    You need a passphrase to unlock the secret key for
    user: "Sam Varshavchik <mr...@courier-mta.com>"
    4096-bit RSA key, ID 279DBF25, created 2013-08-25

    -----BEGIN PGP SIGNATURE-----
    [ the signature]

But the same parameters do not work if I use gpg2 instead of gpg:

    $ gpg2 --passphrase-fd 10 -s -b -a --default-key [hash] 10<z <filetosign
    X11 connection rejected because of wrong authentication.
    X11 connection rejected because of wrong authentication.
    gpg: signing failed: Inappropriate ioctl for device
    gpg: signing failed: Inappropriate ioctl for device

Not very helpful. After copiously poring through the manual page, I discovered that adding a --pinentry-mode loopback option makes gpg2 work exactly like gpg in batch mode.

So, the question on the table is as follows:

Keeping in mind the stated purpose of the --passphrase-fd option, does it make sense to automatically set "--pinentry-mode loopback" when the --passphrase-fd option is provided to gpg2? This way, gpg2 and gpg will be interchangeable, in batch mode, with the same options.

I'll be happy to create a bug for this.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
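
The workaround described in the message above, written as a wrapper that picks the extra options from the version banner so one call site works with both gpg and gpg2. This is an added example, not code from the post or from GnuPG; the function names are hypothetical, and the version cut-offs (--batch needed from 2.0, --pinentry-mode available from 2.1) are assumptions taken from the gpg manual page.

```shell
#!/bin/sh
# Added example: select batch-signing options from the GnuPG version banner.

# gpg_batch_opts BANNER
# BANNER is the first line of "gpg --version", e.g. "gpg (GnuPG) 2.2.27".
# Prints the options needed for --passphrase-fd to be honoured; returns 1
# if the banner does not end in a version number.
gpg_batch_opts() {
    ver=${1##* }                      # last field of the banner
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $major.$minor in
        1.*) : ;;                     # classic gpg: the post's command works as-is
        2.0) echo "--batch" ;;        # assumption: 2.0 needs --batch, has no --pinentry-mode
        *)   echo "--batch --pinentry-mode loopback" ;;   # 2.1 and later
    esac
}

# sign_detached GPG_BINARY KEY PASSPHRASE_FILE INPUT_FILE
# Writes an ASCII-armoured detached signature to standard output.
# The passphrase arrives on a file descriptor, never on the command line,
# so it does not show up in the process list.
sign_detached() {
    gpg_bin=$1
    key=$2
    passfile=$3
    infile=$4
    banner=$("$gpg_bin" --version 2>/dev/null | head -n 1)
    opts=$(gpg_batch_opts "$banner") || {
        echo "cannot determine GnuPG version of $gpg_bin" >&2
        return 1
    }
    # The post used fd 10; fd 3 is used here because POSIX sh only
    # guarantees single-digit descriptors in redirections.
    # $opts is left unquoted on purpose so it splits into separate options.
    "$gpg_bin" $opts --passphrase-fd 3 -s -b -a --default-key "$key" \
        3<"$passfile" <"$infile"
}
```

Called as, for instance, sign_detached gpg2 [hash] z filetosign, with the passphrase file readable only by the signing account.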