pinentry for Android questions

Werner Koch wk at gnupg.org
Mon Nov 12 12:58:00 CET 2012


Hi!

On Sun, 11 Nov 2012 21:15, abel at guardianproject.info said:
> The goal then is to create a pinentry that launches a non-blocking gui
> (simple CLI command), then communicates over a unix domain socket with
> the Android app that interacts with the user.

Very good. I believe that is the best option for now.  If we later
notice that we need to change something to save on certain resources, we
can re-consider this. It is an internal API and thus easy to replace.

> How relevant are the following options to the above plan?
> --keep-tty

That is X server specific.  You can ignore it.

> --no-grab

Does not make sense.  It is mostly a debugging option for X.  The grab
keyboard and mouse thing should be replaced by Android's way of
protecting PIN/passphrase widgets.

> --allow-loopback-pinentry

This is quite new and designed to be used by server applications.  In
fact, gpg2.1 has no support for it now.  The idea is that an application
using gpg-agent for passphrase entry, private key, or card operations
can avoid the use of a pinentry and instead directly send the passphrase
(via a callback mechanism).  For example a web mail server could use
this feature instead of resorting to the pinentry-wrapper hack.

> It seems this would be more feasible to implement as a modified version
> of pinentry/pinentry[-curses].[c,h]. Does that sound reasonable, or do
> you suggest a different codebase to use as a starting point?

Please use that code base and create a branch during the development
phase.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



