gopass setup --crypto age conceals generated passphrase, making setup impossible

[twpayne]

Summary

When running gopass setup --crypto age in a terminal with no GUI (e.g. when SSH'ed into another machine), the pinentry dialog conceals the generated passphrase, so the user cannot see it to enter it.

Steps To Reproduce

1. SSH into a machine with gopass 1.15.15 installed.
2. Run gopass setup --crypto age.
3. At the ⚠ Do you want to enter a passphrase? (otherwise we generate one for you) [y/N/q]: prompt, hit enter to accept the default N.
4. The curses pinentry dialog now fills the terminal screen, asking to read the age keyring from $HOME/.config/gopass/age/identities., however the user cannot see the generated passphrase, and so cannot know what the passphrase is.

Expected behavior

The user should be shown the generated passphrase before being asked to enter it.

Environment

• OS: Ubuntu 24.04
• OS version: Linux ubuntu 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
• gopass Version: gopass 1.15.15 go1.23.3 linux amd64
• Installation method: untar'd binary from gopass's GitHub releases page.

Additional context

Canceling the pinentry dialog shows that gopass did print the generated passphrase before calling pinentry, but the user has no chance to see it.

The user should be given a chance to read the passphrase before opening the pinentry program.

Unrelated: https://www.gopass.pw/#install shows that latest version of Gopass is 1.15.14, which is not correct.

[dominikschulz]

The curses pinentry dialog now fills the terminal screen - I guess most users don't use the curses pinentry version.

I'm pretty sure we do print the password but we don't wait before asking the user to enter the password.
So we'll need a prompt before asking.