sending passwords with gpg-agent? (was Re: gnupg1 still needed?)

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Mon Jul 21 11:05:09 CEST 2008


At Fri, 18 Jul 2008 11:11:19 -0700,
Adam Milazzo <adam at adammil.net> wrote:
> 
> Klaus Singvogel wrote:
> > Please note either
> > that SUSE Linux dropped the support for gpg1 since 10.3 (Oct 2007),
> > and is shipping gpg2 only now.
> Well, this makes me wonder, then.
> 
> gpg1 allows programs to send passwords using --command-fd. gpg2 always 
> uses gpg-agent, and never asks for passwords on the --command-fd. Is 
> there a way to get something equivalent on gpg2, though? i.e., can a 
> program hook into the gpg-agent in such a way as to provide its own UI 
> for password entry?

I am not aware of such an option with gpg2, but note that you will
never get it in all circumstances.  Consider smart cards used on a
terminal with a number pad.  In this case, you really do not want the
pin number to go through the application.

It is best to consider gpg2 with this use case in mind.  Just forget
about secret key handling and passphrases and such.  They are not the
business of applications any more with gpg2.

Now, in case you really want this, you can replace the pinentry
program.  There is currently no easy way to do this (you need to set
up your own gnupghome for it).  But conceptually, the pinentry program
is the component you want to replace if you want to change its GUI.
Yes, this is harder to integrate into the application.  This is on
purpose, see above.

Thanks,
Marcus
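
The pinentry replacement described in the message above, as an added example that is not part of the original post or of GnuPG: a minimal program speaking the Assuan line protocol that gpg-agent uses to talk to its pinentry on stdin/stdout. The `ask` callback, the class and function names, and the `/opt/myapp` path are assumptions made for illustration, and only the requests shown are handled.

```python
import os, sys
from urllib.parse import unquote

# A private GNUPGHOME would select this program in its gpg-agent.conf with:
#   pinentry-program /opt/myapp/pinentry-myapp    (hypothetical path)
CANCELLED = "ERR 83886179 Operation cancelled <Pinentry>"

def escape(value):
    """Percent-escape a value for an Assuan 'D' data line."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

class Pinentry:
    def __init__(self, ask):
        self.ask = ask          # callback(desc, prompt) -> str, or None to cancel
        self.desc = ""
        self.prompt = "PIN:"

    def handle(self, line):
        """Process one request line; return (response_lines, keep_running)."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "SETDESC":
            self.desc = unquote(arg)
        elif cmd == "SETPROMPT":
            self.prompt = unquote(arg)
        elif cmd == "GETINFO" and arg == "pid":
            return ["D %d" % os.getpid(), "OK"], True
        elif cmd == "GETPIN":
            pin = self.ask(self.desc, self.prompt)
            if pin is None:
                return [CANCELLED], True
            return ["D " + escape(pin), "OK"], True
        elif cmd == "BYE":
            return ["OK closing connection"], False
        # Simplification: every other request (OPTION, SETTITLE, ...) is acknowledged.
        return ["OK"], True

def serve(ask, inp=sys.stdin, out=sys.stdout):
    entry = Pinentry(ask)
    out.write("OK Pleased to meet you\n"); out.flush()
    for line in inp:
        replies, keep_running = entry.handle(line)
        out.write("".join(r + "\n" for r in replies)); out.flush()
        if not keep_running:
            break

if __name__ == "__main__":
    import getpass  # stand-in UI: reads from the controlling terminal, not stdin
    serve(lambda desc, prompt: getpass.getpass(prompt + " "))
```

The passphrase only ever travels from the callback to the agent over this pipe; the application calling gpg2 still never sees it on `--command-fd`.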
