Is it possible to use macOS 'Keychain' + 'TouchID' for pinentry-program?
Is there some way of configuring pinentry-mac
, which I currently use to enter the passphrase for my OpenPGP card (a Yubikey), or a different program that'll store the passphrase in the macOS 'Keychain', so that I just have to use 'TouchID' rather than type it out?
Solution 1:
I was looking into something similar (minus the Yubikey) and found out that pinentry-mac does not support Touch ID (not yet at least). I ended up writing pinentry-touchid
a "wrapper"/integration around pinentry-mac that asks confirmation (via Touch ID) when retrieving the password from the macOS Keychain.
I do not currently have a Yubikey, but pinentry-touchid
speaks the assuan IPC protocol to communicate with the gpg-agent. I'm guessing that it should work in this case as well. If something doesn't work, feel free to open an issue.