pinentry: How to get key id?
Lukas Haase
lukashaase at gmx.at
Wed Dec 4 06:45:09 CET 2013
On 2013-12-03 5:37, Werner Koch wrote:
> On Sat, 30 Nov 2013 06:18, lukashaase at gmx.at said:
>
>> Is there a way to find the key id for which the password is queried,
>> e.g. within the pinentry_loop2 or better, the w32_cmd_handler function?
>
> No. The keyid is an OpenPGP specific datum and useless with other
> protocols. gpg-agent does not know about OpenPGP but only about the
> keys. Therefore it uses a protocol-neutral identification string for
> keys, dubbed “keygrip”.
That's sad. Then I indeed need to do pattern matching :(
The string that's displayed, is it directly an output from the gpg executable?
> [...]
> If you need to automate pinentry, you should first ask yourself, why you
> need to supply a passphrase. Most likely this is an unattended system
> and then a passphrase to protect the key does not make anything more
> secure - the passphrase is stored somewhere in the clear anyway.
I kindly ask to not start pro/contra discussions regarding that.
Still, as an explanation: It's not an unattended system. I may want to
store the keys password-encrypted but still decide for myself where the
passphrase comes from. For example, I may have a central, trusted
password database with many passwords securely stored and only
"unlocked" when needed, on request. They could be supplied in a more
convenient way than, e.g., typing them off or copying through the clipboard.
> [...]
> If that all does not help, you need to wait for GnuPG 2.1 which may work
> without a pinentry by providing an internal loopback and thus the gpgme
> passphrase callback can be used again.
That sounds exactly like what I am looking for; still, pattern matching seems
to be the only way currently.
Luke
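As an added example (not part of this thread and not GnuPG's own code), one way to recover the OpenPGP key id behind the keygrip that gpg-agent uses: parse the `sec`/`ssb`, `fpr` and `grp` records that `gpg --with-colons --with-keygrip --list-secret-keys` prints, where a `grp` record follows the `fpr` record of the key it belongs to. The sample listing below, with its key ids, fingerprints and keygrips, is constructed and not a real key.

```python
import subprocess
from typing import Dict, Optional, Tuple

# Constructed sample of `gpg --with-colons --with-keygrip --list-secret-keys`
# output (made-up values). Field 1 is the record type; "sec"/"ssb" carry the
# long key id in field 5, "fpr"/"grp" carry fingerprint / keygrip in field 10.
SAMPLE_LISTING = """\
sec:u:2048:1:0123456789ABCDEF:1385800000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAA1111BBBB2222CCCC33330123456789ABCDEF:
grp:::::::::00112233445566778899AABBCCDDEEFF00112233:
uid:u::::1385800000::1234567890ABCDEF1234567890ABCDEF12345678::Example User <user at example.org>::::::::::0:
ssb:u:2048:1:FEDCBA9876543210:1385800000::::::e:::+:::23:
fpr:::::::::5555EEEE4444DDDD3333CCCCFEDCBA9876543210:
grp:::::::::33221100FFEEDDCCBBAA99887766554433221100:
"""


def keygrip_map(listing: str) -> Dict[str, Tuple[str, str]]:
    """Map each keygrip to (long key id, fingerprint) of its key or subkey."""
    result: Dict[str, Tuple[str, str]] = {}
    last_keyid: Optional[str] = None
    last_fpr: Optional[str] = None
    for line in listing.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype in ("sec", "ssb"):
            # A new (sub)key starts; its fingerprint and keygrip follow.
            last_keyid, last_fpr = fields[4], None
        elif rtype == "fpr":
            last_fpr = fields[9]
        elif rtype == "grp" and last_keyid and last_fpr:
            result[fields[9].upper()] = (last_keyid, last_fpr)
            last_keyid, last_fpr = None, None
    return result


def keyid_for_keygrip(keygrip: str, listing: str) -> Optional[str]:
    """Return the long key id for a keygrip, or None if it is not listed."""
    entry = keygrip_map(listing).get(keygrip.upper())
    return entry[0] if entry else None


def live_listing() -> str:
    """Fetch the real listing from an installed gpg (assumes gpg is on PATH)."""
    return subprocess.run(
        ["gpg", "--batch", "--with-colons", "--with-keygrip", "--list-secret-keys"],
        capture_output=True, text=True, check=True).stdout
```

On a real system, pass the output of `live_listing()` instead of `SAMPLE_LISTING`; the mapping is only as current as the keyring at the time it was read.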