Usage of pinentry with keepass2 for gpg mail encryption
The fact that the accepted answer uses the same procedure as described in the question suggests that there is no way to enable KeePass auto-type (or even simple copy-paste) to work with pinentry. However, this is incorrect!
As stated by others, pinentry programs for gpg-agent (such as pinentry-gtk-2) globally lock (“grab”) the keyboard. However, gpg-agent can be configured to disable this behavior with the --no-grab option – see the GPG documentation. (Note: This option has a security warning in the documentation. However, if you’re using KeePass anyway, I doubt that using pinentry without --no-grab will provide you with any additional security.)
In order to use --no-grab as a default for gpg-agent, create/edit the file ~/.gnupg/gpg-agent.conf (i.e. the file gpg-agent.conf in the .gnupg directory in your home directory) and add the line
no-grab
to it (information on gpg-agent.conf in the documentation). Thus, every time gpg-agent is started from this point on, it will use the --no-grab option and pinentry-gtk-2 will behave like a normal window (so you can perform auto-type using the keyboard shortcut, paste into the text field etc.).
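The configuration step from the answer above, as an added shell example that is not part of the original answer: it adds no-grab only if an active line is missing and reports an active grab line, which the gpg-agent manual says overrides no-grab. The function names and the status words printed (added, present, conflict) are assumptions made for this sketch.

```bash
# Added example: idempotently enable no-grab in gpg-agent.conf.
# ensure_no_grab [CONF] prints one of: added | present | conflict
ensure_no_grab() {
    local conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
    local dir
    dir="$(dirname "$conf")"

    # GnuPG expects its home directory to be private to the user.
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" && chmod 700 "$dir" || return 1
    fi
    [ -e "$conf" ] || ( umask 077 && : > "$conf" ) || return 1

    # An active "grab" line overrides no-grab (gpg-agent manual), so report
    # it instead of silently appending a setting that would have no effect.
    if grep -Eq '^[[:space:]]*grab[[:space:]]*$' "$conf"; then
        echo conflict
        return 2
    fi

    # Only an uncommented line counts; "# no-grab" is ignored by gpg-agent.
    if grep -Eq '^[[:space:]]*no-grab[[:space:]]*$' "$conf"; then
        echo present
        return 0
    fi

    # Make sure the file ends with a newline before appending.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    echo 'no-grab' >> "$conf"
    echo added
}

# Stop the running agent; it is restarted on demand and then reads the
# updated gpg-agent.conf.
reload_agent() {
    gpgconf --kill gpg-agent
}

# Typical use:
#   ensure_no_grab && reload_agent
```
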
In Keepass2, choose "Add Entry" and set "Title" to "GPG". Move from the "Entry" tab to the "Auto-Type" tab. Select "Override default sequence" and set it to "{PASSWORD}".
Before you send email, open Keepass2 with your Keepass2 password. Ask IceDove with Enigmail to "Send" and pinentry should appear (locking the keyboard, preventing "Ctrl+V" (or any other keyboard shortcut you normally use to perform auto-type), preventing window switching with "Alt+Tab", etc.).
Use the mouse to highlight the "GPG" entry in Keepass2 and click the "Perform Auto-Type" icon in Keepass2 (left of the "Find" icon and underneath the "Help" menu). As the keyboard "focus" was last on the pinentry text input box, Keepass2 will now start typing your long password for you.
Use the mouse to click "OK" on pinentry. Done!
For more details on "Auto-Type", see http://keepass.info/help/base/autotype.html.