If you use Enigmail in Thunderbird over an SSH connection, sometimes you cannot enter the passphrase for your private GPG key, because pinentry-qt / pinentry-gnome3 / pinentry-gtk2 do not show any dialog boxes.
Here is a workaround: You can cache the passphrase with gpg-agent, even if Thunderbird is already running. Enigmail will then use the cached passphrase from gpg-agent, because it runs gpg2 commands in a subshell in order to encrypt or sign messages.
Connect to the server with X11 forwarding enabled:
$ ssh -Y server
Note your DISPLAY environment variable:
$ echo $DISPLAY
localhost:10.0
Unset / delete the DISPLAY environment variable:
Export GPG_TTY environment variable for gpg:
Make sure that gpg-agent is running:
$ ps aux | grep gpg-agent
user 2058 0.0 0.0 168068 2228 ? Ss Nov10 0:07 gpg-agent --homedir /home/user/.gnupg --use-standard-socket --daemon
Insert the passphrase for your GPG key into gpg-agent by signing a dummy message. Make sure that you enter your passphrase in the pinentry TUI, not at the gpg command prompt.
$ echo test | gpg2 --use-agent -s
The passphrase you are about to enter should be cached by gpg-agent. The cache lifetime is controlled by settings in ~/.gnupg/gpg-agent.conf.
Now set the DISPLAY environment variable again so that you can run Thunderbird. Use the value you noted from the echo $DISPLAY command earlier.
Start Thunderbird. You should now be able to sign and encrypt email messages with Enigmail without having to enter your gpg passphrase again because it is already cached by gpg-agent.
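The whole procedure as one script. This is an added example, not part of the original post; the function names, the --prime switch and the file name prime-cache.sh are made up for illustration. It assumes gpg2, pgrep and a curses/tty pinentry are installed, and it removes DISPLAY only inside a subshell, so the value in your login shell is untouched and does not need to be restored by hand.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the value of a gpg-agent.conf option, or a fallback if it is not set.
# Lines starting with '#' are comments; the last uncommented setting is used.
agent_option() {    # usage: agent_option CONF OPTION FALLBACK
    _val=""
    [ -r "$1" ] && _val=$(awk -v o="$2" '$1 == o { v = $2 } END { print v }' "$1")
    printf '%s\n' "${_val:-$3}"
}

# Run a command with DISPLAY removed and GPG_TTY set, inside a subshell so the
# caller's DISPLAY survives and Thunderbird can still be started afterwards.
run_tty_only() {    # usage: run_tty_only TTY COMMAND [ARGS...]
    (
        unset DISPLAY
        GPG_TTY=$1
        export GPG_TTY
        shift
        "$@"
    )
}

# Sign a dummy message so the text-mode pinentry asks for the passphrase on
# this terminal and gpg-agent caches it.
prime_agent_cache() {
    _tty=$(tty) || { echo "stdin is not a terminal" >&2; return 1; }
    pgrep -u "$(id -u)" gpg-agent >/dev/null ||
        { echo "gpg-agent is not running" >&2; return 1; }
    echo test | run_tty_only "$_tty" gpg2 --use-agent -s >/dev/null || return 1
    _conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    # 600 s is GnuPG's documented default for default-cache-ttl.
    echo "cached; default-cache-ttl = $(agent_option "$_conf" default-cache-ttl 600) s"
}

# Only act when invoked as: sh prime-cache.sh --prime
if [ "${1-}" = "--prime" ]; then
    prime_agent_cache
fi
```

Run it in the SSH session before starting Thunderbird. The reported default-cache-ttl tells you how long an unused cache entry is kept before the passphrase has to be entered again.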