gpg-agent and allow-loopback-pinentry
Patrick Brunschwig
patrick at enigmail.net
Sun Dec 28 17:06:36 CET 2014
On 28.12.14 06:59, NIIBE Yutaka wrote:
> On 12/26/2014 09:35 PM, Patrick Brunschwig wrote:
>> I would like to be able to have the user type the
>> passphrase in my application and then request gpg to do its job.
>> But with gpg 2.1 this is simply not possible.
>
> Perhaps, it's due to the design of newer GnuPG as a whole. It's
> (partially) possible with loopback mode, though.
>
> Let me explain my understanding. Here is a figure which shows the
> relationship:
>
> user
> [some mail user agent like thunderbird]
> gpg frontend or gpgme library
> gpg agent <--------------------------------> pinentry
> secret handled by libgcrypt -OR- by scdaemon
> smartcard/token
>
> It is gpg-agent which calls pinentry, on demand. There are some
> use cases when PIN is not asked back through host PC.
>
> (1) A smartcard can be configured requiring PIN input at the first
> use only, but not requiring every time.
>
> (2) It is also possible, for some smartcard reader, to ask user
> PIN input by its pinpad, not through host PC.
>
> I understand that application developers have to care about controlling
> its passphrase input, and it's the largest use case. But, please
> understand there are some people who want to control the input in
> different ways, with valid reasons.
That's all clear and understood, and I have no issue with it. My only
problem is that it's difficult (and awkward) for an application that
wraps GnuPG to enable the loopback mode -- it requires modifying
gpg-agent.conf and restarting gpg-agent.
-Patrick
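The step discussed in the message above (a wrapping application editing gpg-agent.conf and restarting gpg-agent before it can use loopback mode), as an added shell example that is not part of the original thread. The function names and the use of file descriptor 3 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from GnuPG.
# Function names and the choice of fd 3 are assumptions.

# loopback_enabled FILE
# Succeeds if FILE has an active (uncommented) allow-loopback-pinentry line.
loopback_enabled() {
    [ -f "$1" ] &&
        grep -Eq '^[[:space:]]*allow-loopback-pinentry[[:space:]]*$' "$1"
}

# enable_loopback FILE
# Idempotently appends the option. Prints "changed" if FILE was modified
# (the agent must then be restarted) or "unchanged" if nothing was done.
enable_loopback() {
    conf=$1
    if loopback_enabled "$conf"; then
        echo unchanged
        return 0
    fi
    # If the file does not end in a newline, add one so the option
    # lands on its own line instead of being glued to the last entry.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    printf 'allow-loopback-pinentry\n' >> "$conf"
    echo changed
}

# restart_agent
# Terminates the running gpg-agent; GnuPG 2.1 starts a new one on demand,
# which then reads the updated gpg-agent.conf.
restart_agent() {
    gpgconf --kill gpg-agent
}

# decrypt_with_passphrase IN OUT
# gpg reads the passphrase from fd 3, which the caller connects to a pipe,
# so the passphrase never appears in argv or the environment.
# Caller: decrypt_with_passphrase msg.gpg msg.txt 3<some-pipe
decrypt_with_passphrase() {
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 \
        --output "$2" --decrypt "$1"
}
```

A wrapper would call `enable_loopback "$GNUPGHOME/gpg-agent.conf"` and run `restart_agent` only when it prints `changed`, since killing the agent also discards any cached passphrases.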