gopass init --crypto age fails if pgp tools are not installed.

[joe-getcouragenow]

Summary

gopass init --crypto age fails if pgp tools such as pinentry-mac are not installed.

I am using age because for end users its so much easier for them, in that pinentry-mac is not needed.
How about

Steps To Reproduce

gopass init --crypto age
[init] Initializing a new password store ...

Error: failed to initialize store: failed to read user input: pinentry Error: exec: "pinentry-mac": executable file not found in $PATH

Expected behaviour

Should not require the user to have pinentry-mac, since they are not using pgp as the basis of their crypto.

Environment

• OS: Mac OS X Big sur

• OS version:
  uname -a
  Darwin x-MacBook-Pro.local 20.1.0 Darwin Kernel Version 20.1.0: Sat Oct 31 00:07:11 PDT 2020; root:xnu-7195.50.7~2/RELEASE_X86_64 x86_64

• gopass Version:
  gopass --version
  gopass 1.10.1-git+HEAD go1.15.5 darwin amd64

• Installation method: source

Additional context

Am integrating gopass with sops and age.

[AnomalRoil]

Seems this is currently by design:

gopass/internal/backend/crypto/age/askpass.go

Line 41 in 4d75c3c

return pinentry.New()

We use pinentry to ask for passwords.

Now the question becomes: should we have an alternative that allows to not have pinentry?
@dominikschulz opinion?

[joe-getcouragenow]

suggest using this : github.com/Songmu/prompter

looks battle tested: https://github.com/search?l=Go&q=github.com%2FSongmu%2Fprompter&type=Code

is cross platform also

[FiloSottile]

FWIW, pinentry-mac does not require gpg and aside from using Assuan as the protocol, is a fairly independent tool.

https://formulae.brew.sh/formula/pinentry-mac

yubikey-agent also depends on pinentry-mac and doesn't use PGP.

[ckolumbus]

According to my understanding, pinentry and gpg/pgp are completely independent. The implementation of finding the pinentry executable is quite static in gopass, so one option could be to make it changeable via env variables or some other means. I don't know whether this makes sense under OSX (not much experience there, yet). but at least gpg-agent has a config option for setting the actual pinentry program to switch between gui and terminal pinentry versions. Some programs even have internal fall-back options.

BTW: brew let's you install pinentry-mac independently of pgp/gpg.

Whereas : for gopass as a command-line tool I ask myself how often we really need a GUI pinentry dialog, and whether prompter could actually be an option

[dominikschulz]

pinentry is important for several core use cases, but falling back to reading a password from the command line might be an option. Not sure if I want to add that complexity, but we can consider it.

We wouldn't need to use prompter, we have a helper lib that does the same thing already. But if prompter (or some other lib) proves to be more robust refactoring that might be a new cleanup, too.

[ckolumbus]

we have a helper lib that does the same thing already.

Then the easiest would be to have this as a fallback if no pinentry is found. No need to get new dependencies if something exist.

[dominikschulz]

@ckolumbus

I have created #1697, but I'm still not sure if I want to merge this. Let me know what you think.
If you want to have it merged please test it and report if it solves your issue.

[ckolumbus]

@dominikschulz some late feedback!

Let me know what you think.

I looked at #1697 and looks very good to me!