Macbook Pro devices without Touch ID are currently not supported. These devices > lack a Touch ID sensor and while the alternative offered by Apple is to use (if available) an Apple Watch, this feature it is not yet implemented.
If the password entry for the given key cannot be found in the Keychain we fallback to the pinentry-mac program to get the password. We recommend preventing pinentry-mac from storing the password: uncheck the Save in keychain checkbox in the dialog.
If a password entry is found the user will be shown the Touch ID dialog and upon successful authentication the password stored from the keychain will be returned to the gpg-agent.
If a password entry is found but is not "owned" by the pinentry-touchid program after the successful authentication with Touch ID, a normal password will be shown. This is an extra step enforced by the macOS keychain. In this dialog click Always allow after entering the password. This will allow pinentry-touchid to access the password entry without the need to type the additional password, but still, the access to the password will be guarded by Touch ID.
As part of our release process we keep an updated Homebrew Formula. To install pinentry-touchid using homebrew execute the following commands: