On the various and different platforms where I use Emacs and GnuPG encryption, I’ve traditionally always had a bit of a struggle setting up a suitable mechanism for private key passphrase entry, or pinentry.

Recently, I landed upon this extremely easy-to-set-up and reliable solution where Emacs and GnuPG can be configured so that Emacs requests the passphrase via its standard minibuffer password entry mechanism, and then passes this through to GnuPG.

Two steps to set up GPG passphrase entry via Emacs minibuffer

Add the following to your ~/.gnupg/gpg-agent.conf:

# this means clients like Emacs can get the password in their own way and push to gpg
# for this to work with Emacs, set epa-pinentry-mode to 'loopback in Emacs
allow-loopback-pinentry

… and then do gpgconf --reload gpg-agent to reload the config.

After that, add the following to your Emacs init.el and M-x eval-last-sexp it or use any other mechanism to eval:

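;; In Emacs 27.1 and later the variable is named epg-pinentry-mode; epa-pinentry-mode is an obsolete alias.
(setq epa-pinentry-mode 'loopback)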

… and that’s it!
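The gpg-agent.conf step above can also be scripted. The following is an added example, not part of the original post: it appends gpg-agent's `allow-loopback-pinentry` option only when no active copy exists, and stops if `no-allow-loopback-pinentry` is set. The function names `ensure_loopback_pinentry` and `reload_agent` are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.

# ensure_loopback_pinentry [GNUPG_HOME]
# Returns 0 when the option is active in gpg-agent.conf, 2 on a conflict.
ensure_loopback_pinentry() {
    home="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    conf="$home/gpg-agent.conf"

    # Create a missing directory or file with owner-only permissions.
    ( umask 077
      mkdir -p "$home" && { [ -e "$conf" ] || : > "$conf"; } ) || return 1

    # An active "no-allow-loopback-pinentry" line forbids loopback entry.
    # Report it instead of silently overriding that decision.
    if grep -Eq '^[[:space:]]*no-allow-loopback-pinentry([[:space:]]|$)' "$conf"; then
        echo "conflict: no-allow-loopback-pinentry is set in $conf" >&2
        return 2
    fi

    # Lines starting with '#' are comments and do not count as active.
    if ! grep -Eq '^[[:space:]]*allow-loopback-pinentry([[:space:]]|$)' "$conf"; then
        printf '%s\n' 'allow-loopback-pinentry' >> "$conf"
    fi
    return 0
}

# reload_agent [GNUPG_HOME]
# Asks the agent for that home directory to re-read its configuration.
reload_agent() {
    GNUPGHOME="${1:-${GNUPGHOME:-$HOME/.gnupg}}" gpgconf --reload gpg-agent
}

# Typical use, run by hand:
#   ensure_loopback_pinentry && reload_agent
```

Running it a second time leaves the file unchanged, so it is safe to keep in a dotfiles bootstrap script.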

A little more background

I’m a bit embarrassed that I discovered this so late in life, but happy regardless.

I ran into my first hint about GnuPG’s loopback pinentry mode on this page.

After finding that, I could easily locate the Emacs help of epa-pinentry-mode:

A particularly useful mode is ‘loopback’, which redirects all Pinentry queries to the caller, so Emacs can query passphrase through the minibuffer, instead of external Pinentry program.