gpg-agent and allow-loopback-pinentry

Patrick Brunschwig patrick at enigmail.net
Sun Dec 28 17:06:36 CET 2014



On 28.12.14 06:59, NIIBE Yutaka wrote:
> On 12/26/2014 09:35 PM, Patrick Brunschwig wrote:
>> I would like to be able to have the user enter the
>> passphrase in my application and then request gpg to do its job.
>> But with gpg 2.1 this is simply not possible.
> 
> Perhaps, it's due to the design of newer GnuPG as a whole.  It's 
> (partially) possible with loopback mode, though.
> 
> Let me explain my understanding.  Here is a figure which shows the
> relationship:
> 
>   user
>   [some mail user agent like thunderbird]
>   gpg frontend or gpgme library
>   gpg agent <--------------------------------> pinentry
>   secret handled by libgcrypt -OR- by scdaemon
>                                      smartcard/token
> 
> It is gpg-agent which calls pinentry, on demand.  There are some
> use cases when PIN is not asked back through host PC.
> 
> (1) A smartcard can be configured requiring PIN input at the first
> use only, but not requiring every time.
> 
> (2) It is also possible, for some smartcard readers, to ask user
> PIN input by its pinpad, not through host PC.
> 
> I understand that application developers have to care controlling
> its passphrase input, and it's largest use cases.  But, please
> understand there are some people who want to control the input in
> different ways, with valid reasons.

That's all clear and understood, and I have no issue with it. My only
problem is that it's difficult (and awkward) for an application that
wraps GnuPG to enable the loopback mode -- it requires modifying
gpg-agent.conf and restarting gpg-agent.

-Patrick


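The steps a wrapping application has to take under GnuPG 2.1, per the message above, shown as an added shell example (not part of the original message and not Enigmail or GnuPG code). The function names are hypothetical; it assumes `gpg` and `gpgconf` 2.1 are on PATH and that GNUPGHOME defaults to `~/.gnupg`.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the thread.

# Idempotently add allow-loopback-pinentry to gpg-agent.conf.
# Returns 0 if the file was changed, 1 if the option was already active.
enable_loopback() {
    home="${GNUPGHOME:-$HOME/.gnupg}"
    conf="$home/gpg-agent.conf"
    mkdir -p "$home" && chmod 700 "$home"
    # Create the file with owner-only permissions if it does not exist.
    [ -f "$conf" ] || ( umask 077; : > "$conf" )
    # Only an uncommented line counts; "# allow-loopback-pinentry" does not.
    if grep -Eq '^[[:space:]]*allow-loopback-pinentry[[:space:]]*$' "$conf"; then
        return 1
    fi
    printf '%s\n' 'allow-loopback-pinentry' >> "$conf"
    return 0
}

# Stop the running agent so the next gpg call starts one with the new
# configuration. This drops cached passphrases, so call it only after
# enable_loopback reported a change.
restart_agent() {
    command -v gpgconf >/dev/null 2>&1 || return 0
    gpgconf --kill gpg-agent
}

# Detach-sign file $1, reading the passphrase from stdin (fd 0).
# The passphrase is passed over a file descriptor, never in argv,
# so it does not appear in the process list.
sign_with_loopback() {
    gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
        --armor --output "$1.asc" --detach-sign "$1"
}

# Typical call sequence from the wrapping application:
#   if enable_loopback; then restart_agent; fi
#   printf '%s\n' "$passphrase" | sign_with_loopback message.txt
```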


