
We use StackExchange blackbox as well as Hiera-eyaml-gpg to encrypt files in our Git repo using GPG keys.

I configured Git to decrypt files using Textconv configuration, so it automatically decrypts and compares both blackbox and .eyaml files when I execute commands like `git show ...`, `git diff ...` or `git log -p ...`.

I also use GPG agent on my OSX, so it remembers the passphrase for a while.

The problem I hit is specifically with eyaml - if I execute `git show HEAD..FETCH_HEAD` and the agent needs to refresh the passphrase then it will automatically pop up a nice TUI asking to re-type it. This works great if it was triggered via Blackbox but not by gpg-hiera-eyaml.

I'd like to find a way to tell gpg "now please ask for the passphrase if needed" directly from the command line, without having to trigger some blackbox command.

Is this possible?

Thanks.

EDIT: This is with GPG 1.4.20 on OSX.

EDIT: I tried presetting the passphrase with `gpg-preset-passphrase -v -c $(gpg --list-secret-keys --with-fingerprint --with-colons | awk -F: '$1 == "fpr" { print $10 }')` but it doesn't make a difference - `git diff` with eyaml files still tries to read the passphrase and fails.

Capt. Crunch

1 Answer


Try:

```
gpg-connect-agent RELOADAGENT /bye
```
Matei David
  • Thanks but I can't find this command. I edited the question to specify that this is with GPG 1.4.20 on OS X, in case your answer is relevant to GPG 2. – Capt. Crunch Aug 08 '16 at 04:10
  • @AmosShapira `gpg-connect-agent` is often part of gnupg-agent packages, not gpg/gnupg itself. Also, Matei David did not mention that after the reload you need to re-enter the password. Then it is "refreshed". – xebeche Sep 19 '16 at 17:17
  • Thanks. I got that command on my Mac now that I have GPG 2.0.30 on it too (Homebrew formula `gpg2`) and after running this command and entering my passphrase once, it seems to have stuck and I'm not asked for the passphrase any more after waiting for over an hour. I have to say that this feels like Voodoo to me since I don't understand what this has to do with solving the problem. – Capt. Crunch Sep 20 '16 at 01:12
  • About the "Voodoo" question - does this `RELOADAGENT` work because it tells the agent to pay attention to the `gpg-preset-passphrase` I mention in my question? Would I still have to keep running the preset passphrase every time I logout and login? (I usually let it sleep). – Capt. Crunch Sep 20 '16 at 01:19
  • It didn't work - I still get asked for the passphrase without being able to enter it correctly. – Capt. Crunch Sep 22 '16 at 03:52