PRESET_PASSPHRASE does not skip pinentry gui dialog

I tried all methods to preset the passphrase or standard input redirection so my gpg decryption will work and bypass the pinentry dialog, but none of them work. The pinentry still prompts for the passphrase. What can I do to automate the process and bypass the pinentry prompt?
I'm using the latest Gpg4win programs.

gpg-connect-agent PRESET_PASSPHRASE [HEX 40-DIGITS KEYID] -1 [HEX VALUE PASSPHRASE]
or
gpg-preset-passphrase --preset -P [HEX VALUE PASSPHRASE] [HEX 40-DIGITS KEYID]

  • gpg command still prompts for pinentry
    gpg -v --batch --yes -u "BL_PIP pipadm@biglots.com" -d -o "[OUTPUT FILE]" "[ENCRYPTEDFILE]"

  • Tried echoing the passphrase into standard input
    echo [ascii passphrase]| gpg -v --batch --yes --passphrase-fd 0 -u "[LOCAL USER]" -d -o "[OUTPUT FILE]" "[ENCRYPTEDFILE]"

  • Tried redirecting a passphrase file to standard input
    gpg -v --batch --yes --passphrase-fd 0 -u "[LOCAL USER]" -d -o "[OUTPUT FILE]" "[ENCRYPTEDFILE]" < [PASSPHRASE FILE]

  • Tried passphrase as parameter
    gpg --batch --yes --passphrase [ascii passphrase] -u "[LOCAL USER]" -d -o "[OUTPUT FILE]" "[ENCRYPTEDFILE]"

Dear Ethan,

please take a look at
https://wiki.gnupg.org/TroubleShooting#Passphrase_on_the_command_line

Maybe removing the passphrase altogether or using the loopback mode works
for your use-case.

Presetting the passphrase should work, though.

Best Regards,
Bernhard

Hi Ethan,

just gave gpg-preset-passphrase a spin to see what might have gone wrong
and I have an idea: Maybe you had the wrong keygrip (and used the keyid instead, which won’t work, but will not give a warning).

See the documentation for how to find the right keygrip.
And note that you have to give gpg-agent an option to allow gpg-preset-passphrase to work.

I’ve added both hints to the wiki page mentioned in my last reply.
Thanks for using Gpg4win and thanks that many of you set a reasonable price
when paying for it!

Best Regards,
Bernhard

Thank you Bernhard for your reply.

Sorry about saying KEYID, I followed this forum https://lists.gnupg.org/pipermail/gnupg-users/2010-January/037876.html to get the keygrip (essentially fingerprint). I’ve added the allow-preset-passphase in the pgp-agent.conf in C:\Users\userid\AppData\Roaming\gnupg

I'd rather not remove the passphrase if I could.

Dear Ethan,

when using the steps I’ve outlined, it worked for me with Gpg4win 3.0.3.
The old instructions from 2010 might be slightly different from what has to be done today.

(Note that it is gpg-agent.conf not pgp-agent.conf.)

My recommendation is that you recheck everything, maybe actually try the keygrip.

If the script with the presetting command is on your machine, then an attacker could gain access to the passphrase for the private key. If that is the case, there is no security gain in keeping a passphrase on the secret key itself.

Best Regards,
Bernhard

Ethan, I have an issue similar to this one and I've opened a new thread because it's not exactly the same. In my case I just cannot find the configuration file after the Gpg4win installation.
https://forum.gnupg.org/t/cannot-find-gpg-agent-conf-to-configure-pinentry-unnatended-passphrase/3265

If the config file is not there, just create it. :)

Hi Bernhard

What is the command syntax to get the keygrip?

Thanks,
Ethan

Hi Ethan,

gpg --list-keys --with-keygrip WHICH

with WHICH specifying the pubkeys you would want to list.

Bernhard
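
Added example, not part of the thread and not Gpg4win's own code: a keygrip and a fingerprint are both 40 hex digits and easy to confuse, and for decryption the passphrase has to be preset for the keygrip of the encryption-capable (sub)key. This Python parser reads `gpg --list-secret-keys --with-colons --with-keygrip` output and returns those keygrips; the sample output is constructed and `decryption_keygrips` is a hypothetical helper name.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons --with-keygrip`
# output (not a real key). Field 5 = key ID, field 10 = fingerprint/keygrip,
# field 12 = capabilities.
SAMPLE = """\
sec:u:3072:1:AAAAAAAAAAAAAAA1:1600000000:::u:::scESC:
fpr:::::::::111111111111111111111111AAAAAAAAAAAAAAA1:
grp:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1600000000::::Example User <user@example.org>:
ssb:u:3072:1:BBBBBBBBBBBBBBB2:1600000000::::::e:
fpr:::::::::222222222222222222222222BBBBBBBBBBBBBBB2:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
"""


def decryption_keygrips(colons: str, selector: str) -> list[str]:
    """Keygrips of encryption-capable keys in the key block that `selector`
    (a fingerprint or key ID of the primary key or a subkey) belongs to."""
    sel = selector.upper().replace(" ", "")
    if sel.startswith("0X"):
        sel = sel[2:]
    blocks, cur = [], None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "pub"):          # a primary key starts a new block
            blocks.append([])
        if f[0] in ("sec", "pub", "ssb", "sub") and blocks:
            cur = {"caps": f[11] if len(f) > 11 else "", "fpr": "", "grp": ""}
            blocks[-1].append(cur)
        elif f[0] in ("fpr", "grp") and cur and not cur[f[0]] and len(f) > 9:
            cur[f[0]] = f[9]                # first fpr/grp after a key record
    for block in blocks:
        # Key IDs are the trailing hex digits of the fingerprint.
        if sel and any(k["fpr"].endswith(sel) for k in block):
            # Lowercase "e" marks a key that can itself decrypt; uppercase
            # letters on the primary only summarise the whole key block.
            return [k["grp"] for k in block if "e" in k["caps"] and k["grp"]]
    return []


if __name__ == "__main__":
    # Replace SAMPLE with the captured output of the gpg command named above.
    for grip in decryption_keygrips(SAMPLE, "0xAAAAAAAAAAAAAAA1"):
        print("preset the passphrase for keygrip", grip)
```
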