Special note - Gnu Privacy Guard version 2

For the most part, GPG version 2 is upward compatible with GPG version 1. An important difference between the two is that when GPG v2 is invoked via GPGME (for example with a JOB command or a command such as ZSYSTEM "mupip create"), there is no convenient way to avoid invoking an "agent" (by default /usr/bin/pinentry) that obtains the passphrase for the keyring from the user. When the reference implementation has placed an obfuscated password in the environment, the password should be derived from that obfuscated password, and the user should not be prompted for it. The solution is a GT.M pinentry function (packaged in pinentry-gtm.sh and pinentry.m).

If you are using Gnu Privacy Guard version 2, you need to set the environment variable GTMXC_gpgagent to point to the location of gpgagent.tab. By default, GT.M places gpgagent.tab in the $gtm_dist/plugin/ directory. gpgagent.tab is an external call table that pinentry-gtm.sh uses to create a GT.M pinentry function.

When the gen_keypair.sh script is executed, it creates a file gpg-agent.conf in the GnuPG directory (~/.gnupg, or the directory specified by the environment variable $GNUPGHOME) with a line such as pinentry-program /usr/lib/fis-gtm/V5.4-001_x86/plugin/gtmcrypt/pinentry-gtm.sh, which causes /usr/lib/fis-gtm/V5.4-001_x86/plugin/gtmcrypt/pinentry-gtm.sh to be invoked by GnuPG v2 as the pinentry program. If the script finds the environment variable $gtm_passwd set, as well as an executable GT.M, it runs the pinentry.m program, which provides GnuPG v2 with the keyring password derived from the obfuscated password. Otherwise, it calls /usr/bin/pinentry.

If you are using GnuPG v2 with a .gnupg directory not created by gen_keypair.sh, you should create a gpg-agent.conf as described here, substituting the directory where GT.M is actually installed.

The GT.M pinentry function should not be used while changing the keyring passphrase, e.g., with the passwd subcommand of the gpg --edit-key command. One way to avoid it is to temporarily comment out the pinentry-program line in gpg-agent.conf by placing a "#" in front of the line, e.g.: #pinentry-program /usr/lib/fis-gtm/V5.4-001_x86/plugin/gtmcrypt/pinentry-gtm.sh
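
The two manual steps above (creating gpg-agent.conf for a .gnupg directory that gen_keypair.sh did not create, and commenting the pinentry-program line out around a passphrase change) can be scripted. The following is an added example, not part of the GT.M distribution; the function names are hypothetical, and the wrapper location <GT.M install dir>/plugin/gtmcrypt/pinentry-gtm.sh is an assumption taken from this page's example path.

```shell
#!/bin/sh
# Added example, not GT.M's own code. Assumption: the wrapper is at
# <GT.M install dir>/plugin/gtmcrypt/pinentry-gtm.sh.

# Path of gpg-agent.conf in the GnuPG directory ($GNUPGHOME or ~/.gnupg).
agent_conf() {
    printf '%s/gpg-agent.conf\n' "${GNUPGHOME:-$HOME/.gnupg}"
}

# set_gtm_pinentry <GT.M install dir>
# Make the GT.M wrapper the pinentry program, replacing any earlier setting.
set_gtm_pinentry() {
    wrapper="$1/plugin/gtmcrypt/pinentry-gtm.sh"
    conf=$(agent_conf)
    # Refuse to configure a wrapper that GnuPG could not run.
    if [ ! -f "$wrapper" ] || [ ! -x "$wrapper" ]; then
        echo "not an executable file: $wrapper" >&2
        return 1
    fi
    mkdir -p -m 700 "$(dirname "$conf")"
    touch "$conf"
    # Keep every line except an active or commented-out pinentry-program line.
    grep -v -E '^#?pinentry-program ' "$conf" > "$conf.tmp" || true
    printf 'pinentry-program %s\n' "$wrapper" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Comment the line out before changing the keyring passphrase.
disable_gtm_pinentry() {
    conf=$(agent_conf)
    sed 's/^pinentry-program /#&/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Restore the line once the passphrase has been changed.
enable_gtm_pinentry() {
    conf=$(agent_conf)
    sed 's/^#\(pinentry-program \)/\1/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Print the pinentry program currently configured (empty if none is active).
active_pinentry() {
    sed -n 's/^pinentry-program //p' "$(agent_conf)"
}
```

A gpg-agent that is already running keeps its previous setting until it rereads gpg-agent.conf, which it does on SIGHUP.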

GT.M versions prior to V5.4-001 are not compatible with GPG 2.x.