Skip to content

age: add --pinentry flag to use pinentry to read passphrase#386

Closed
twpayne wants to merge 1 commit into
FiloSottile:mainfrom
twpayne:pinentry
Closed

age: add --pinentry flag to use pinentry to read passphrase#386
twpayne wants to merge 1 commit into
FiloSottile:mainfrom
twpayne:pinentry

Conversation

@twpayne
Copy link
Copy Markdown
Contributor

@twpayne twpayne commented Jan 6, 2022

Fixes #182.

This commit uses https://pkg.go.dev/github.com/twpayne/go-pinentry instead of https://pkg.go.dev/github.com/gopasspw/pinentry because the former provides a more complete API, more robust error handling, and correct escape character handling by default.

If this adds too many dependencies, I'd be happy to strip down https://github.com/twpayne/go-pinentry to reduce the dependencies to a minimum.

@twpayne twpayne force-pushed the pinentry branch 2 times, most recently from 1c675ff to bcb9842 Compare January 9, 2022 16:08
@dominikschulz
Copy link
Copy Markdown

dominikschulz commented Jan 10, 2022
edited
Loading

Author of gopasspw/pinentry here. I do support the proposal to replace gopasspw/pinentry with a different implementation. We have introduced our package for an experimental feature that we currently don't put much focus on. So our pinentry implementation is not our top priority right now (and likely won't be anytime soon). We kept it around primarily because I knew that yubikey-agent was using it.

If go-pinentry looks sane (IMHO it does) age should probably use that instead. And you should consider adopting it for yubikey-agent, too. We'll try to move gopass over to it as well.

@twpayne twpayne force-pushed the pinentry branch 2 times, most recently from 9100306 to a5fcefa Compare January 12, 2022 13:11
@twpayne twpayne mentioned this pull request Jan 13, 2022
Merged
@twpayne
Copy link
Copy Markdown
Contributor Author

twpayne commented Jan 14, 2022

I've updated this to use https://github.com/twpayne/go-pinentry-minimal, which has the same functionality as https://github.com/twpayne/go-pinentry but has no dependencies outside the Go standard library.

@FiloSottile
Copy link
Copy Markdown
Owner

FiloSottile commented Apr 26, 2022

Thank you @twpayne for the package, and @dominikschulz for chiming in. I've decided we won't merge alternative password input methods in cmd/age, but we'll ship them all in a separate plugin. I'll make sure to support pinentry there and I'll be using the minimal package like in yubikey-agent. See #256 (comment) for a bit more details.

@twpayne twpayne deleted the pinentry branch April 26, 2022 22:50
FiloSottile added a commit that referenced this pull request Dec 24, 2025
@FiloSottile
cmd/age-plugin-batchpass: plugin for non-interactive passphrase encry…
50a81fd 
…ption

Fixes #603
Closes #641
Closes #520
Updates #256
Updates #182
Updates #257
Updates #275
Updates #346
Updates #386
Updates #445
Updates #590
Updates #572
@FiloSottile
Copy link
Copy Markdown
Owner

FiloSottile commented Dec 24, 2025

The new batchpass plugin handles non-interactive passphrase encryption. See #256 (comment) for usage and a warning.

It doesn't include pinentry support, but if you'd like to copy it to make an age-plugin-pinentry, that'd be great!

@twpayne
Copy link
Copy Markdown
Contributor Author

twpayne commented Dec 26, 2025

Thank you! I made an initial copy and replaced the passphrase prompt with pinentry: https://github.com/twpayne/age-plugin-pinentry

Warning: I've only checked that this code compiles, I've not run it yet, but PRs and contributions welcome.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use pinentry if available

3 participants

@twpayne @dominikschulz @FiloSottile