gpg-agent and allow-loopback-pinentry

Patrick Brunschwig patrick at enigmail.net
Fri Dec 26 13:35:47 CET 2014


What is the reason to require gpg-agent to be started with
"allow-loopback-pinentry" if "--pinentry-mode loopback" should be used?

Furthermore, why can this option only be changed by modifying
gpg-agent.conf (i.e. before the agent is started)?

I consider this an additional hassle for external programs like Enigmail
that offer key creation. The main reason for my question is that the
pinentry dialog is not user-friendly enough, especially for key creation:

1. There is no explanation why a password is required (and why again)
2. There is no feedback for the user about the quality of the passphrase.

I would like to be able to have the user type the passphrase in my
application and then request gpg to do its job. But with gpg 2.1 this is
simply not possible.

Thanks,
Patrick




More information about the Gnupg-devel mailing list