> I'm sorry to steal a potential contribution to Guix, but you could try: > > ‘M-x view-emacs-news’: > > * New Modes and Packages in Emacs 25.1 > > ** pinentry.el allows GnuPG passphrase to be prompted through the > minibuffer instead of a graphical dialog, depending on whether the > gpg command is called from Emacs (i.e., INSIDE_EMACS environment > variable is set). This feature requires newer versions of GnuPG > (2.1.5 or later) and Pinentry (0.9.5 or later). To use this > feature, add "allow-emacs-pinentry" to "~/.gnupg/gpg-agent.conf" and > reload the configuration with "gpgconf --reload gpg-agent".
The two work together, and using pinentry-emacs in my experience seems to be the only reliable way to have pinentry work with the Emacs minibuffer. With pinentry-curses and allow-emacs-pinentry and allow-loopback-pinentry gpg-agent options, I would still have gpg-agent prompt for the passphrase in a curses box on the Linux virtual terminal when running Emacs in X on Debian, whenever the agent cache TTL would expire (so it would prompt in the minibuffer when first started, then would prompt in the VT where X was started from on later attempts). pinentry-emacs is part of the standard pinentry sources, but its build is disabled by default. Apparently everyone thinks that Emacs is a "significant security risk," so no distributions seem to ship it. Here is a discussion about the issue in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854797 To me the arguments presented in that discussion against pinentry-emacs are total nonsense. Any other software the user loads or that gets compromised to allow remote execution can query gpg-agent and read all your encrypted files. Same deal with installing an X11 key logger to capture the secret key passphrase. Some of the arguments are just bogus (e.g., "/tmp/emacs$UID/pinentry is not a sensible choice of paths, since it is within a world-writable directory" <- has that person ever heard of mktemp?). My recommendation, as a heavy user of Emacs and GPG, is for Guix to build pinentry with --enable-pinentry-emacs, which provides the pinentry-emacs executable as an option for users. Vladimir
