Custom GPG pinentry program for macOS that allows using Touch ID for retrieving the key passphrase from the macOS keychain. (MacBook Pro with TouchID only)
Install both using Homebrew:
$ brew install gnupg pinentry-macDownload pre-build pinentry-touchid binaries from the GitHub Releases page.
$ VERSION=$(curl -fsSL https://api.github.com/repos/felix-kaestner/pinentry-touchid/releases/latest | jq -r .tag_name)
$ curl -fsSL -o pinentry-touchid "https://github.com/felix-kaestner/pinentry-touchid/releases/download/${VERSION}/pinentry-touchid-${VERSION}-$(uname -s)-$(uname -m)"
$ mv pinentry-touchid /usr/local/bin/pinentry-touchidClone the repository:
$ git clone https://github.com/felix-kaestner/pinentry-touchid.gitBuild the binary using:
$ ./build.shList the keygrip of the GPG Key for which you want to store the passphrase:
$ gpg --list-keys --with-keygrip
/Users/user/.gnupg/pubring.kbx
----------------------------------------
pub rsa4096 2022-04-01 [SC]
< ... >
Keygrip = 78066B99A804208F8DDB3C8F388C56C1C74EA812
uid [ultimate] Felix Kästner <[email protected]>Create a new entry in the MacOS Keychain for storing your passphrase:
Go to Keychain Access > Select the login keychain under Default Keychains > Click on Create new Keychain item. in the upper right (via the pencil icon).
Fill in the prompt with the following information:
- Keychain Item Name:
"GnuPG" - Account Name: GPG Keygrip
- Password: Your Passphrase
Finally, click on Add.
Configure the gpg-agent to use pinentry-touchid as its pinentry program. Add or replace the following line to your gpg agent configuration in: ~/.gnupg/gpg-agent.conf:
$ pinentry-program /usr/local/bin/pinentry-touchidPinentry-TouchID is now fully configured!
When used for the first time, MacOS will prompt you to allow access to the keychain. Simply provide access by using your user password and clicking Always Allow, so you won't be asked on every use.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent