Usage of pinentry with keepass2 for gpg mail encryption

The fact that the accepted answer uses the same procedure as described in the question suggests that there is no way to enable KeePass auto-type (or even simple copy-paste) to work with pinentry. However, this is incorrect!

As stated by others, pinentry programs for gpg-agent (such as pinentry-gtk-2) globally lock (“grab”) the keyboard. However, gpg-agent can be configured to disable this behavior with the --no-grab option – see the GPG documentation. (Note: This option has a security warning in the documentation. However, if you’re using KeePass anyway, I doubt that using pinentry without --no-grab will provide you with any additional security.)

In order to use --no-grab as a default for gpg-agent, create/edit the file ~/.gnupg/gpg-agent.conf (i. e. the file gpg-agent.conf in the .gnupg directory in your home directory) and add the line

no-grab

to it (information on gpg-agent.conf in the documentation). Thus, every time gpg-agent is started from this point on, it will use the --no-grab option and pinentry-gtk-2 will behave like a normal window (so you can perform auto-type using the keyboard shortcut, paste into the text field etc.).


In Keepass2, "Add Entry," and set "Title" to "GPG." Move from "Entry" tab to "Auto-Type" tab. Select "Override default sequence" and set to "{PASSWORD}".

Before you send email, open Keepass2 with Keepass2 password. Ask IceDove with Enigmail to "Send" and pinentry should appear (locking keyboard, preventing "Ctrl+V" (or any other keyboard shortcut you normally use to perform auto-type), preventing switch windows "Alt+Tab", etc.).

Use mouse to highlight "GPG" entry in Keepass2 and click "Perform Auto-Type" icon in Keepass2 (left of "Find" icon and underneath "Help" menu). As the keyboard "focus" was last on the pinentry text input box, Keepass2 will now start typing your long password for you.

Use mouse to click "OK" on pinentry. Done!

For more details on "Auto-Type" (http://keepass.info/help/base/autotype.html).