gpg-agent and allow-loopback-pinentry

Werner Koch wk at gnupg.org
Mon Dec 29 10:56:16 CET 2014


On Sun, 28 Dec 2014 17:06, patrick at enigmail.net said:
> problem is that it's difficult (and awkward) for an application that
> wraps GnuPG to enable the loopback mode -- it requires modifying
> gpg-agent.conf and restarting gpg-agent.

The reason why you need to enable the loopback mode is that this breaks
a design goal of only allowing the gpg-agent (+scdaemon) to handle the
private keys and the passphrases for it.  If a user does not want this
protection he needs to explicitly disable it.

I met Nico here at the 31C3 and we more or less agreed that we need to
make it work by fixing the Mac pinentry and possibly some other problems
which arise on Windows.  That will be much easier than implementing the
passphrase entry in each application and thereby confusing the user with
different passphrase entry systems.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.



