rwxr--r--
/dev/blog

Bez Hermoso, Software Engineer @ Square

vim-gnupg provides transparent PGP encryption/decryption when editing *.gpg and similar files with vim. Sadly, if your GnuPG setup uses a TTY-based pinentry such as pinentry-curses, it won’t work (through no fault of the plugin author).

The trick to get it to work is to somehow tell the gpg-agent to use an external pinentry program when triggered by vim-gnupg. For this, the pinentry-mac program fits the bill:

 
$ brew install pinentry-mac

Configure gpg-agent to use it as the pinentry program:

 
# ~/.gnupg/gpg-agent.conf:
pinentry-program /usr/local/bin/pinentry-mac

Configure your shell to use the TTY-based pinentry in most circumstances:

 
# ~/.bashrc ~/.zshrc, etc. :

# GPG_TTY must be exported, otherwise gpg (a child process) never sees it:
export GPG_TTY=$(tty)
# Tell the pinentry program to use the nice, full-screen curses prompt:
export PINENTRY_USER_DATA="USE_CURSES=1"

Restart your terminal application (or source your config file), then restart the gpg-agent:

 
$ gpgconf --kill gpg-agent

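Now it’s just a matter of configuring vim-gnupg to override PINENTRY_USER_DATA with an empty value, so that PGP prompts triggered from the editor use the GUI pinentry:

let g:GPGExecutable = "PINENTRY_USER_DATA='' gpg --trust-model always"

Keep in mind that --trust-model always makes gpg skip key validation and treat every key it uses as fully valid, so check recipient key fingerprints yourself before encrypting to them.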

Now, whenever you edit/write PGP encrypted files in Neovim, the GUI pinentry will be used and vim-gnupg should start working as expected.
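To confirm the pieces above are in place, here is a small shell check. It is an added example, not part of the original post or of vim-gnupg; the function names are hypothetical, and only the pinentry-program key and the GPG_TTY and PINENTRY_USER_DATA variables come from the steps above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG or vim-gnupg.

# Print the path from the last active `pinentry-program` line of a
# gpg-agent.conf-style file; commented-out lines are ignored.
pinentry_program_from_conf() {
    awk '/^[ \t]*pinentry-program[ \t]/ {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); prog = $0
         }
         END { if (prog != "") print prog }' "$1"
}

# Prompt type selected for a PINENTRY_USER_DATA value, per the post's convention.
pinentry_mode() {
    case "$1" in
        *USE_CURSES=1*) echo curses ;;
        *)              echo gui ;;
    esac
}

# Succeeds only if the variable is exported, i.e. visible to child
# processes such as gpg (a plain VAR=value assignment is not).
is_exported() {
    env | grep "^$1=" >/dev/null
}

# Print each problem found with the setup; exit status is the problem count.
check_setup() {
    conf=$1
    problems=0
    prog=$(pinentry_program_from_conf "$conf" 2>/dev/null) || prog=
    if [ -z "$prog" ]; then
        echo "no pinentry-program set in $conf"; problems=$((problems + 1))
    elif [ ! -x "$prog" ]; then
        echo "not executable: $prog"; problems=$((problems + 1))
    fi
    if ! is_exported GPG_TTY; then
        echo "GPG_TTY is not exported"; problems=$((problems + 1))
    fi
    if ! is_exported PINENTRY_USER_DATA ||
       [ "$(pinentry_mode "${PINENTRY_USER_DATA-}")" != curses ]; then
        echo "shell sessions will not get the curses prompt"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: check_setup "$HOME/.gnupg/gpg-agent.conf"
```

Source it in the shell you normally work in, since the export checks only reflect the environment of the shell that runs them.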

GUI pinentry from pinentry-mac
