prompt for pin before operations

Werner Koch wk at gnupg.org
Tue Jun 18 11:05:39 CEST 2013


On Wed,  5 Jun 2013 14:30, abel at guardianproject.info said:

> A standard --sign --encrypt on a large file can take some time,
> especially on an ARM device like most Android phones.
>
> Currently, GnuPG is encrypting the data and then invoking pinentry for
> the sign operation. This is a usability problem on Android, as the user

I recall that we had a similar bug report in the past.  I can't remember
the details and the BTS doesn't reveal anything.

> Is it possible to force GnuPG to prompt for the pin before invoking a
> potentially long-running operation?

With 2.1 the agent handles the signing and it needs the hash of the
message to be signed before it can pop up the pinentry.  What we need is
a prepare signing command for the agent to get the key ready before it
receives the data to be hashed.  This is possible but we would either
need to always use this feature or delay it until we have detected that
there is a lot of plaintext to be processed. 

This will be quite some work and would delay 2.1.0 even more.  Shall we
put it on a wishlist for 2.1.n ?


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



