Using Command-Line Passphrase Input for GPG with Git (for Windows)

The problem

I’m using Git for Windows, and have configured it to sign every single commit and tag using GPG (GnuPG), which uses Pinentry, a program that allows for secure entry of PINs or passphrases.

A Pinentry window without focus

Trying to use the “loopback” (command-line) mode of Pinentry

After digging deep into GnuPG’s documentation, I found out that there’s a “loopback” mode of Pinentry, which redirects passphrase queries back to the caller (GnuPG), so that the user is prompted to type the passphrase directly on the command line.

allow-loopback-pinentry

How to use loopback mode when signing commits with Git?

First I thought there might be some Git config that can be used to add extra arguments to GPG. There’s a gpg.program config for setting a custom program for Git to use instead of gpg. I tried to set it to gpg --pinentry-mode loopback, but it didn’t work, throwing errors like “cannot spawn gpg --pinentry-mode loopback: No such file or directory”. Git treats the whole value as the path of a single executable, not as a command line with arguments.

#!/usr/bin/bash
# Pass every argument from Git through to gpg unchanged, forcing loopback pinentry
gpg --pinentry-mode loopback "$@"
> git config --global gpg.program "C:/Users/beta/.gpg-pinentry-loopback"
Bingo

Wrapping things up

1. Add allow-loopback-pinentry to ~/.gnupg/gpg-agent.conf.

gpg-connect-agent reloadagent /bye
#!/usr/bin/bash
gpg --pinentry-mode loopback "$@"
chmod +x ~/.gpg-pinentry-loopback
git config --global gpg.program "C:/Users/beta/.gpg-pinentry-loopback"
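
The same setup as one re-runnable shell script, with the wrapper's arguments quoted so that a signing key written as "Name <email>" reaches gpg as a single argument. This is an added example, not code from the original post; the function names, the WRAPPER variable and the --apply switch are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. The function names, the WRAPPER
# variable and the --apply switch are assumptions made for this sketch.

# Add allow-loopback-pinentry to gpg-agent.conf under directory $1, once only.
enable_loopback() {
    conf="$1/gpg-agent.conf"
    mkdir -p "$1" || return 1
    touch "$conf" || return 1
    # -x whole line, -F literal: a commented-out "# allow-..." does not count.
    grep -qxF 'allow-loopback-pinentry' "$conf" ||
        printf '%s\n' 'allow-loopback-pinentry' >> "$conf"
}

# Write the wrapper script to path $1 and make it executable.
write_wrapper() {
    # The quoted 'EOF' keeps "$@" literal in the file. Quoting "$@" there
    # passes each of Git's arguments through unsplit, e.g. a signing key
    # configured as "Name <email>".
    cat > "$1" <<'EOF' || return 1
#!/usr/bin/bash
gpg --pinentry-mode loopback "$@"
EOF
    chmod 755 "$1"
}

# Touch the real home directory only when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    # Assumption: set WRAPPER to the C:/Users/... form if git.exe cannot
    # resolve the shell's own path to the file.
    WRAPPER=${WRAPPER:-$HOME/.gpg-pinentry-loopback}
    enable_loopback "$HOME/.gnupg" &&
        gpg-connect-agent reloadagent /bye &&
        write_wrapper "$WRAPPER" &&
        git config --global gpg.program "$WRAPPER"
fi
```

Run it with --apply to change the real configuration; without arguments it only defines the functions.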
