Setting up pin-entry for GPG under macOS


 You need a passphrase to unlock the secret key

You may run across this console error when attempting to use a GPG key under macOS, for example when signing a Git commit. You’ll need to set up pin-entry to provide a GUI prompt for the passphrase or PIN.

 Setting up pin-entry

Installing prerequisites

$ brew install gnupg gpg-agent pinentry-mac

Configuration files

Append to ~/.profile

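# Note: --write-env-file and GPG_AGENT_INFO apply to GnuPG 2.0;
# GnuPG 2.1 and later no longer use them.
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    # An agent is already running: reuse the environment it recorded.
    . ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
    # Start the agent and record its environment for later shells.
    eval "$(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)"
fi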

Create/modify the following GPG files

$ mkdir -p ~/.gnupg

~/.gnupg/gpg.conf

use-agent

~/.gnupg/gpg-agent.conf

use-standard-socket
pinentry-program /usr/local/bin/pinentry-mac
default-cache-ttl 600
max-cache-ttl 7200

 Configure your Git repo

$ git config --global user.signingkey <PUBLIC-KEY-ID>
$ git config --global commit.gpgsign true
  • Omit the --global option to set a different key for a specific repo.
  • Need to look up your key ID? Check out the GPG Tech Article.
$ git tag -sm 'Signed tag 1.0' v1.0
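
To check the files created above before relying on them for signing, the following is an added example and not part of the original guide. The helper names `conf_value` and `check_gpg_agent_conf` are hypothetical, and the directory permission check is an extra assumption beyond the steps shown here.

```shell
# Added example: sanity-check a GnuPG home directory set up as in this guide.
# conf_value and check_gpg_agent_conf are hypothetical helpers, not GnuPG tools.

# Print the value of option $2 in file $1 (last occurrence if repeated).
conf_value() {
    awk -v key="$2" '$1 == key { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); val = $0 }
                     END { print val }' "$1"
}

# Usage: check_gpg_agent_conf [GNUPG_HOME]   (defaults to ~/.gnupg)
# Prints one line per finding; returns 0 if all checks pass, 1 otherwise.
check_gpg_agent_conf() {
    gnupg_home="${1:-$HOME/.gnupg}"
    conf="$gnupg_home/gpg-agent.conf"
    rc=0

    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # The directory holds secret keys: group and others should have no access.
    # (This check is an addition; the guide itself only runs mkdir -p.)
    perms=$(ls -ld "$gnupg_home" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: $gnupg_home is open to group/others ($perms)"; rc=1; }

    # The guide relies on pinentry-program naming pinentry-mac: it must be set
    # and point at an executable file.
    pinentry=$(conf_value "$conf" pinentry-program)
    if [ -z "$pinentry" ]; then
        echo "FAIL: pinentry-program is not set"; rc=1
    elif [ ! -x "$pinentry" ]; then
        echo "FAIL: pinentry-program '$pinentry' is not executable"; rc=1
    fi

    # Both TTLs are in seconds. max-cache-ttl caps an entry's lifetime, so a
    # larger default-cache-ttl is inconsistent.
    def=$(conf_value "$conf" default-cache-ttl)
    max=$(conf_value "$conf" max-cache-ttl)
    case "$def$max" in
        *[!0-9]*) echo "FAIL: cache TTL values must be whole seconds"; rc=1 ;;
        *) if [ -n "$def" ] && [ -n "$max" ] && [ "$def" -gt "$max" ]; then
               echo "FAIL: default-cache-ttl ($def) exceeds max-cache-ttl ($max)"; rc=1
           fi ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $conf passes all checks"
    return "$rc"
}
```

Source the file and run `check_gpg_agent_conf` with no argument to inspect `~/.gnupg`; if it reports the directory as open to group or others, `chmod 700 ~/.gnupg` closes it.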