Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/felix-kaestner/pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for retrieving the key passphrase from the macOS keychain
https://github.com/felix-kaestner/pinentry-touchid

gpg macos pinentry touchid

Last synced: about 5 hours ago
JSON representation

Custom GPG pinentry program for macOS that allows using Touch ID for retrieving the key passphrase from the macOS keychain

Host: GitHub
URL: https://github.com/felix-kaestner/pinentry-touchid
Owner: felix-kaestner
Created: 2022-04-08T21:01:07.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2022-06-21T17:14:31.000Z (over 2 years ago)
Last Synced: 2024-05-02T06:12:42.935Z (7 months ago)
Topics: gpg, macos, pinentry, touchid
Language: Swift
Homepage: https://github.com/felix-kaestner/pinentry-touchid
Size: 19.5 KB
Stars: 6
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Pinentry-TouchID

Custom GPG pinentry program for macOS that allows using Touch ID for retrieving the key passphrase from the macOS keychain. (MacBook Pro with TouchID only)

## Installation

### Prerequisites

* [gnupg](https://formulae.brew.sh/formula/gnupg)
* [pinentry-mac](https://formulae.brew.sh/formula/pinentry-mac)

Install both using [Homebrew](https://brew.sh):

```sh
$ brew install gnupg pinentry-mac
```

### Pre-build Binaries

Download pre-build `pinentry-touchid` binaries from the [GitHub Releases page](https://github.com/felix-kaestner/pinentry-touchid/releases).

```sh
$ VERSION=$(curl -fsSL https://api.github.com/repos/felix-kaestner/pinentry-touchid/releases/latest | jq -r .tag_name)
$ curl -fsSL -o pinentry-touchid "https://github.com/felix-kaestner/pinentry-touchid/releases/download/${VERSION}/pinentry-touchid-${VERSION}-$(uname -s)-$(uname -m)"
$ mv pinentry-touchid /usr/local/bin/pinentry-touchid
```

### Manual

Clone the repository:

```sh
$ git clone https://github.com/felix-kaestner/pinentry-touchid.git
```

Build the binary using:

```sh
$ ./build.sh
```

## Quickstart

List the keygrip of the GPG Key for which you want to store the passphrase:

```sh
$ gpg --list-keys --with-keygrip

/Users/user/.gnupg/pubring.kbx
----------------------------------------
pub rsa4096 2022-04-01 [SC]
< ... >
Keygrip = 78066B99A804208F8DDB3C8F388C56C1C74EA812
uid [ultimate] Felix Kästner
```

Create a new entry in the MacOS Keychain for storing your passphrase:

Go to `Keychain Access` > Select the `login` keychain under _Default Keychains_ > Click on _Create new Keychain item._ in the upper right (via the pencil icon).
Fill in the prompt with the following information:

* Keychain Item Name: `"GnuPG"`
* Account Name: GPG Keygrip
* Password: Your Passphrase

Finally, click on `Add`.

Configure the `gpg-agent` to use `pinentry-touchid` as its pinentry program. Add or replace the following line to your gpg agent configuration in: `~/.gnupg/gpg-agent.conf`:
```sh
$ pinentry-program /usr/local/bin/pinentry-touchid
```

`Pinentry-TouchID` is now fully configured!

When used for the first time, MacOS will prompt you to allow access to the keychain. Simply provide access by using your user password and clicking `Always Allow`, so you won't be asked on every use.