gpg-agent and allow-loopback-pinentry
gniibe at fsij.org
Sun Dec 28 06:59:49 CET 2014
On 12/26/2014 09:35 PM, Patrick Brunschwig wrote:
> I would like to be able to have the user type the passphrase in my
> application and then request gpg to do its job. But with gpg 2.1 this is
> simply not possible.
Perhaps it's due to the design of newer GnuPG as a whole. It's
(partially) possible with loopback mode, though.
Let me explain my understanding. Here is a figure which shows it:

    [some mail user agent like thunderbird]
                      |
          gpg frontend or gpgme library
                      |
    gpg agent <--------------------------------> pinentry
                      |
          secret handled by libgcrypt

It is gpg-agent which calls pinentry, on demand. There are some use
cases where the PIN is not asked for through the host PC:
(1) A smartcard can be configured to require PIN input at first use
only, not every time.
(2) It is also possible, for some smartcard readers, to ask the user for
PIN input on the reader's pinpad, not through the host PC.
I understand that application developers need to control passphrase
input, and that this is the largest use case. But please understand that
there are some people who want to control the input in different ways,
with valid reasons.
Well, a smartcard reader could be compromised to spy on users' pinpad
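The loopback mode mentioned above is the route by which an application supplies the passphrase itself: gpg-agent must have allow-loopback-pinentry in its gpg-agent.conf, and gpg is run with --pinentry-mode loopback and --passphrase-fd so the secret arrives over a descriptor rather than on the command line. The Python below is an added example, not code from this thread or from GnuPG; it assumes gpg and gpgconf are on PATH and that the caller controls the GNUPGHOME directory it writes to.

```python
import os
import subprocess
from pathlib import Path

LOOPBACK_OPTION = "allow-loopback-pinentry"  # gpg-agent.conf option this thread is about

def conf_allows_loopback(conf_text: str) -> bool:
    """True if this gpg-agent.conf text enables loopback pinentry ('#' comments ignored)."""
    for line in conf_text.splitlines():
        if line.split("#", 1)[0].strip() == LOOPBACK_OPTION:
            return True
    return False

def ensure_loopback_allowed(conf_text: str) -> str:
    """Return the conf text with the option present exactly once (idempotent)."""
    if conf_allows_loopback(conf_text):
        return conf_text
    if conf_text and not conf_text.endswith("\n"):
        conf_text += "\n"
    return conf_text + LOOPBACK_OPTION + "\n"

def gpg_loopback_argv(operation, passphrase_fd: int) -> list:
    """argv that makes gpg use loopback mode and read the passphrase from a descriptor,
    so the secret never sits in argv where other users could read it with ps."""
    return ["gpg", "--batch", "--pinentry-mode", "loopback",
            "--passphrase-fd", str(passphrase_fd), *operation]

def run_gpg_with_passphrase(gnupghome, operation, passphrase: str, data: bytes):
    """Run one gpg operation under GNUPGHOME=gnupghome with an application-supplied passphrase."""
    conf = Path(gnupghome) / "gpg-agent.conf"
    conf.write_text(ensure_loopback_allowed(conf.read_text() if conf.exists() else ""))
    env = dict(os.environ, GNUPGHOME=str(gnupghome))
    # An already-running agent only re-reads its conf on reload (no-op if none is up).
    subprocess.run(["gpgconf", "--reload", "gpg-agent"], env=env, capture_output=True)
    read_fd, write_fd = os.pipe()  # private pipe carrying the passphrase to gpg
    os.write(write_fd, passphrase.encode() + b"\n")
    os.close(write_fd)
    try:
        return subprocess.run(gpg_loopback_argv(operation, read_fd), input=data,
                              env=env, pass_fds=(read_fd,), capture_output=True)
    finally:
        os.close(read_fd)

if __name__ == "__main__":  # round trip in a throwaway GNUPGHOME; needs gpg installed
    import tempfile
    home = tempfile.mkdtemp()  # created mode 0700, as gpg requires
    enc = run_gpg_with_passphrase(home, ["--symmetric"], "s3cret", b"hello\n")
    print(run_gpg_with_passphrase(home, ["--decrypt"], "s3cret", enc.stdout).stdout)
```

Later 2.1 releases turn allow-loopback-pinentry on by default, but writing it explicitly is harmless and keeps the behaviour the same on the 2.1 versions contemporary with this thread.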
More information about the Gnupg-devel