Is it possible to use macOS 'Keychain' + 'TouchID' for pinentry-program?

Is there some way of configuring pinentry-mac, which I currently use to enter the passphrase for my OpenPGP card (a Yubikey), or a different program that'll store the passphrase in the macOS 'Keychain', so that I just have to use 'TouchID' rather than type it out?


Solution 1:

I was looking into something similar (minus the Yubikey) and found out that pinentry-mac does not support Touch ID (not yet at least). I ended up writing pinentry-touchid, a "wrapper"/integration around pinentry-mac that asks for confirmation (via Touch ID) when retrieving the password from the macOS Keychain.

I do not currently have a Yubikey, but pinentry-touchid speaks the Assuan IPC protocol to communicate with the gpg-agent. I'm guessing that it should work in this case as well. If something doesn't work, feel free to open an issue.
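
The Assuan exchange that a pinentry wrapper of this kind has to answer, as an added example (not part of the answer above and not pinentry-touchid's own code). `lookup_secret` and `user_confirms` are hypothetical stand-ins for the Keychain read and the Touch ID prompt, and the transcript is constructed.

```python
import io

CANCELLED = "ERR 83886179 Operation cancelled <Pinentry>"

def escape(data):
    """Percent-escape the characters Assuan reserves in 'D' data lines."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

def serve(inp, out, lookup_secret, user_confirms):
    """Answer pinentry commands arriving on inp; write Assuan replies to out."""
    def reply(line):
        out.write(line + "\n")
        out.flush()

    desc, keyinfo = "", ""
    reply("OK Pleased to meet you")          # greeting the agent waits for
    for raw in inp:
        cmd, _, arg = raw.rstrip("\r\n").partition(" ")
        cmd = cmd.upper()
        if cmd == "SETDESC":
            desc = arg
            reply("OK")
        elif cmd == "SETKEYINFO":            # identifies which key or card is asked for
            keyinfo = arg
            reply("OK")
        elif cmd == "GETPIN":
            secret = lookup_secret(keyinfo)  # assumption: None if nothing is stored
            # Release the secret only after the user approves this request.
            if secret is None or not user_confirms(desc):
                reply(CANCELLED)
            else:
                reply("D " + escape(secret))
                reply("OK")
        elif cmd == "BYE":
            reply("OK closing connection")
            break
        else:
            reply("OK")                      # simplification: other commands are accepted and ignored

def demo(approve):
    """Run a constructed agent transcript and return the reply lines."""
    agent = io.StringIO("SETDESC Unlock%20card\nSETKEYINFO n/ABCDEF\nGETPIN\nBYE\n")
    out = io.StringIO()
    store = {"n/ABCDEF": "12%34"}            # constructed stored PIN
    serve(agent, out, store.get, lambda desc: approve)
    return out.getvalue().splitlines()

if __name__ == "__main__":
    print("\n".join(demo(True)))
```

A wrapper would normally hand the request to the regular pinentry when nothing is stored; this example cancels instead to stay short.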