How to make gpg prompt for passphrase on CLI
On a Debian box:

```
sudo apt install pinentry-tty
sudo update-alternatives --config pinentry
```

(and set it to `pinentry-tty`)
This kind of password prompt is not done by gpg itself, but by the gpg-agent.
You can configure your gpg-agent which pinentry program should be used. There are options both when starting the agent and in the gpg-agent config file -- please have a glance at the man page.
So I see two options:
- Configure your gpg-agent to use the desired method
- Disable the gpg-agent; you can do that for a single gpg invocation by unsetting the environment variable `GPG_AGENT_INFO` like `GPG_AGENT_INFO="" gpg ...`. gpg used to have a `--no-use-agent` option, but this has been marked deprecated and has no functionality in recent gpg versions.
I'm on a newer GPG (2.2.13), and the `gpg-agent` man page reads:

> You should always add the following lines to your `.bashrc` or whatever initialization file is used for all shell invocations:
>
> ```
> GPG_TTY=$(tty)
> export GPG_TTY
> ```
>
> It is important that this environment variable always reflects the output of the `tty` command. ...

This doesn't explain the "why" (I also don't understand the "why"), but setting this in my `.bashrc` worked: it caused my `gpg-agent` to ask for my passphrase via the `pinentry-curses` interface. I didn't need to set any other configuration (I don't even have a `~/.gnupg/gpg-agent.conf` file).

Edit: it seems that this works whenever no `DISPLAY` is available, e.g. in an SSH session with no X11 forwarding. But when I'm on the desktop and `DISPLAY` is set, it still brings up the GUI dialog. `unset DISPLAY` (BASH) in this case makes it use curses instead of the GUI.
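
The "configure your gpg-agent" option mentioned in the answers above can also be done per user through the `pinentry-program` setting in `gpg-agent.conf`, instead of the system-wide `update-alternatives` switch. The script below is an added example, not code from any of the answers. The helper names `set_pinentry` and `apply_to_agent` are hypothetical, and `/usr/bin/pinentry-tty` is assumed to be where the `pinentry-tty` package installs its binary.

```shell
#!/usr/bin/env bash
# Added example: pin gpg-agent to a terminal pinentry through gpg-agent.conf.
# Assumptions: set_pinentry and apply_to_agent are hypothetical helper names;
# /usr/bin/pinentry-tty is assumed to be the pinentry-tty package's binary.

# set_pinentry CONF PROGRAM
# Idempotently writes "pinentry-program PROGRAM" into CONF: any earlier active
# pinentry-program line is replaced, every other option is left untouched.
set_pinentry() {
    conf=$1
    program=$2
    mkdir -p -m 700 "$(dirname "$conf")"
    touch "$conf"
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v -E '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    printf 'pinentry-program %s\n' "$program" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"   # rename within the same directory, so the swap is atomic
}

apply_to_agent() {
    pinentry=/usr/bin/pinentry-tty
    [ -x "$pinentry" ] || { echo "missing $pinentry" >&2; return 1; }
    set_pinentry "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "$pinentry"
    # The agent reads its config at startup; stop it so the next gpg call
    # starts a fresh one with the new pinentry.
    gpgconf --kill gpg-agent
    echo "Done. Keep 'export GPG_TTY=\$(tty)' in your shell init file."
}

# Only touch the real GnuPG home when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    apply_to_agent
fi
```

Run it with `--apply` to change the real configuration; without that argument it only defines the functions.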