Example of 'PINENTRY_USER_DATA which can fulfill the' (envpassphrase) 'task'?
Werner Koch
wk at gnupg.org
Mon Apr 29 13:45:57 CEST 2024
On Mon, 29 Apr 2024 07:03, Bee said:
> But that environment is not passed and used by pinentry - it has no
> knowledge of them. PINENTRY_USER_DATA may exist, but it has no
> knowledge as to how to interpret it. Ergo, some other mechanism must
Its is called "USER DATA" for a reason - you have to decide what to do
with it. If your really really want a passphrase, what about passing
the filename of a file holding the passphrase. Or a socket or some
another secure IPC mechanism locator.
For unattended use the only reason for a passphrase - which protects the
private key against local users - are stupid policy requirements you
have to follow. In all other cases, first come up with an attack tree
to show that a passphrase is of any use for your application.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240429/ffb97089/attachment.sig>
More information about the Gnupg-users
mailing list