org.eclipse.egit.doc/contexts/GpgConfiguration.html - egit/egit - Git at Google

 <?xml version='1.0' encoding='utf-8' ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--
    Copyright (C) 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others.

    All rights reserved. This program and the accompanying materials
    are made available under the terms of the Eclipse Public License 2.0
    which accompanies this distribution, and is available at
    https://www.eclipse.org/legal/epl-2.0/

    SPDX-License-Identifier: EPL-2.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
 	<title>Configuring GPG for use with Eclipse</title>
 	<link type="text/css" rel="stylesheet" href="../help/book.css"/>
 </head>
 <body>
 <h1>Configuring GPG for use with Eclipse</h1>
 <p>
 For using an external GPG program with Eclipse, GPG must be configured to use a GUI
 pop-up dialog for user interaction, for instance when asking for key passphrases or
 smartcard PINs.
 </p>
 <p>
 Standard installations of GPG such as the distributions available from
 <a href="https://gnupg.org/download/index.html#sec-1-2">GnuPG</a> are normally
 set up correctly out of the box. But in some cases, GPG on a system may be configured
 to ask the user for passphrases and such always via a terminal (a command window).
 In that case, GPG cannot be used by Eclipse.
 </p>
 <h2>Getting a Passphrase Dialog</h2>
 <p>
 In GPG, it is not the <code>gpg</code> program itself that asks for passphrases.
 Instead, GPG uses a "hidden" system program <code>gpg-agent</code> to manage keys,
 and that <code>gpg-agent</code> program in turn uses yet another program called
 <em>pinentry</em> for actually asking the user for input. When <code>gpg</code>
 is invoked to sign something, it starts <code>gpg-agent</code> if that isn't
 running already. Once started, <code>gpg-agent</code> will continue running in
 the background, and will be re-used by future <code>gpg</code> operations.
 </p>
 <p>
 How GPG asks the user for passphrases is thus determined by how the <code>gpg-agent</code>
 is configured. There are several possible reasons why <code>gpg-agent</code> might
 use a terminal input instead of a GUI dialog:
 </p>
 <dl>
 <dt>Environment variable <b><tt>GPG_TTY</tt></b></dt>
 <dd>
 <p>
 The <code>gpg-agent</code> might have been started with environment variable
 <tt><b>GPG_TTY</b></tt> being set. In that case, it may be sufficient to terminate
 ("kill") the currently running <code>gpg-agent</code> process. When called from
 Eclipse, <tt><b>GPG_TTY</b></tt> is <em>not</em> set, so if the Eclipse invokes
 GPG the next time, the <code>gpg-agent</code> should start normally and use a GUI
 dialog.
 </p>
 <p>If that works, figure out where in your system <tt>GPG_TTY</tt> is set and do
 <em>not</em> set it to prevent the problem from re-occurring.
 </p>
 </dd>
 <dt>Fixed <em>pinentry</em> configuration</dt>
 <dd>
 <p>
 The <code>gpg-agent</code> may be configured to use a particular <em>pinentry</em>
 program. This configuration is in a file <tt><b>gpg-agent.conf</b></tt> in the user's
 GPG directory, on Unix at <tt><b>~/.gnupg/gpg-agent.conf</b></tt>, on Windows at
 <tt><b>%APP_DATA%/gnupg/gpg-agent.conf</b></tt>. This file may contain a configuration
 for <code>pinentry-program</code>, which may be set to <code>pinentry-tty</code> or
 <code>pinentry-curses</code>. In this case, remove the line or configure a GUI
 pinentry explicitly, and  terminate the currently running <code>gpg-agent</code> process
 and optionally restart it. (Otherwise it will be restarted on the next GPG operation
 automatically.)
 </p>
 </dd>
 <dt>Missing GUI <em>pinentry</em> program</dt>
 <dd>
 <p>
 Your system may not have a <em>pinentry</em> for a GUI dialog installed. This should
 rarely happen, and if so, only with third-party packages of GPG. Install the missing
 pinentry programs on your system using the system's package installation tool.
 </p>
 </dd>
 <dt>Custom <em>pinentry</em> script</dt>
 <dd>
 <p>
 For advanced users: some people reconfigure the GPG pinentry via <tt>gpg-agent.conf</tt>
 by setting <code>pinentry-program</code> to a custom script that decides based on the
 value of environment variable <tt><b>PINENTRY_USER_DATA</b></tt> whether to prompt via
 a GUI dialog or via a terminal. If you have such a setup, make sure the script uses a
 GUI dialog pinentry when the variable is not set. When called via Eclipse,
 <tt><b>PINENTRY_USER_DATA</b></tt> is <em>not</em> set.
 </p>
 </dd>
 </dl>
 </body>
 </html>
	<?xml version='1.0' encoding='utf-8' ?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<!--
	Copyright (C) 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others.

	All rights reserved. This program and the accompanying materials
	are made available under the terms of the Eclipse Public License 2.0
	which accompanies this distribution, and is available at
	https://www.eclipse.org/legal/epl-2.0/

	SPDX-License-Identifier: EPL-2.0
	-->
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<title>Configuring GPG for use with Eclipse</title>
	<link type="text/css" rel="stylesheet" href="../help/book.css"/>
	</head>
	<body>
	<h1>Configuring GPG for use with Eclipse</h1>
	<p>
	For using an external GPG program with Eclipse, GPG must be configured to use a GUI
	pop-up dialog for user interaction, for instance when asking for key passphrases or
	smartcard PINs.
	</p>
	<p>
	Standard installations of GPG such as the distributions available from
	<a href="https://gnupg.org/download/index.html#sec-1-2">GnuPG</a> are normally
	set up correctly out of the box. But in some cases, GPG on a system may be configured
	to ask the user for passphrases and such always via a terminal (a command window).
	In that case, GPG cannot be used by Eclipse.
	</p>
	<h2>Getting a Passphrase Dialog</h2>
	<p>
	In GPG, it is not the <code>gpg</code> program itself that asks for passphrases.
	Instead, GPG uses a "hidden" system program <code>gpg-agent</code> to manage keys,
	and that <code>gpg-agent</code> program in turn uses yet another program called
	<em>pinentry</em> for actually asking the user for input. When <code>gpg</code>
	is invoked to sign something, it starts <code>gpg-agent</code> if that isn't
	running already. Once started, <code>gpg-agent</code> will continue running in
	the background, and will be re-used by future <code>gpg</code> operations.
	</p>
	<p>
	How GPG asks the user for passphrases is thus determined by how the <code>gpg-agent</code>
	is configured. There are several possible reasons why <code>gpg-agent</code> might
	use a terminal input instead of a GUI dialog:
	</p>
	<dl>
	<dt>Environment variable <b><tt>GPG_TTY</tt></b></dt>
	<dd>
	<p>
	The <code>gpg-agent</code> might have been started with environment variable
	<tt><b>GPG_TTY</b></tt> being set. In that case, it may be sufficient to terminate
	("kill") the currently running <code>gpg-agent</code> process. When called from
	Eclipse, <tt><b>GPG_TTY</b></tt> is <em>not</em> set, so if the Eclipse invokes
	GPG the next time, the <code>gpg-agent</code> should start normally and use a GUI
	dialog.
	</p>
	<p>If that works, figure out where in your system <tt>GPG_TTY</tt> is set and do
	<em>not</em> set it to prevent the problem from re-occurring.
	</p>
	</dd>
	<dt>Fixed <em>pinentry</em> configuration</dt>
	<dd>
	<p>
	The <code>gpg-agent</code> may be configured to use a particular <em>pinentry</em>
	program. This configuration is in a file <tt><b>gpg-agent.conf</b></tt> in the user's
	GPG directory, on Unix at <tt><b>~/.gnupg/gpg-agent.conf</b></tt>, on Windows at
	<tt><b>%APP_DATA%/gnupg/gpg-agent.conf</b></tt>. This file may contain a configuration
	for <code>pinentry-program</code>, which may be set to <code>pinentry-tty</code> or
	<code>pinentry-curses</code>. In this case, remove the line or configure a GUI
	pinentry explicitly, and terminate the currently running <code>gpg-agent</code> process
	and optionally restart it. (Otherwise it will be restarted on the next GPG operation
	automatically.)
	</p>
	</dd>
	<dt>Missing GUI <em>pinentry</em> program</dt>
	<dd>
	<p>
	Your system may not have a <em>pinentry</em> for a GUI dialog installed. This should
	rarely happen, and if so, only with third-party packages of GPG. Install the missing
	pinentry programs on your system using the system's package installation tool.
	</p>
	</dd>
	<dt>Custom <em>pinentry</em> script</dt>
	<dd>
	<p>
	For advanced users: some people reconfigure the GPG pinentry via <tt>gpg-agent.conf</tt>
	by setting <code>pinentry-program</code> to a custom script that decides based on the
	value of environment variable <tt><b>PINENTRY_USER_DATA</b></tt> whether to prompt via
	a GUI dialog or via a terminal. If you have such a setup, make sure the script uses a
	GUI dialog pinentry when the variable is not set. When called via Eclipse,
	<tt><b>PINENTRY_USER_DATA</b></tt> is <em>not</em> set.
	</p>
	</dd>
	</dl>
	</body>
	</html>