Integrate pinentry-mac into pinentry

Patrick Brunschwig patrick at
Sun Feb 22 16:13:19 CET 2015

On 22.02.15 13:17, Roman Zechmeister wrote:
> Hello!
>> It seems there's now, which 
>> is based on the original pinentry.
> This repo is my quick check, if it's possible to integrate 
> pinentry-mac into pinentry. It's more or less our code for 
> pinentry-mac, copied into the sub-dir macosx. Most of the code
> is old and ugly, but it works. So I'm thinking about a complete
> rewrite.

That's a _very_ good idea!

> There are some points I want to clear up before I start to work on
> this:
> 1. On Mac OS X it's standard to use Xcode for builds and we're 
> using it for pinentry-mac and all of our other tools. Is it okay 
> for you, if we're using an Xcode-Project and Xcode, instead of 
> plain automake, to build pinentry for Mac OS X?

I'd say that this should be OK. Automake should probably simply be
able to determine that it's compiling for OS X and then use the Xcode

> 2. Should we compile the required source-code from pinentry directly
> into pinentry-mac (as we do actually) or should we link against
> the libs?

I would prefer the same approach as all other pinentry-frontends, that
is, libpinentry.a is linked into the frontend.

> 3. pinentry-mac allows the user to store the passphrase in the Mac
> OS X keychain, by selecting a checkbox. To make this possible,
> we're patching gpg-agent, to pass the cacheid to pinentry. (OPTION
> cache-id=xxx) Without this option – e.g. upstream gpg-agent –
> pinentry-mac doesn't allow the user to store the passphrase. How 
> should we solve this in the future?
> 4. pinentry-mac allows the calling app to define a custom message 
> to show. This is implemented using PINENTRY_USER_DATA. We allow 
> placeholders like %KEYID and %USERID. To fill the placeholders, we
> parse the description from pinentry. This works in most
> cases. The reason for this feature is, to allow some more
> informative and readable messages. e.g. We can tell the user for
> which email/file, he enters the passphrase. What do you think about
> that? Is this a desirable feature for pinentry?

I think this is a desirable feature of pinentry in general. Other
tools could profit from it as well.

> 5. Using PINENTRY_USER_DATA we also allow setting a custom icon to
> be shown, like the standard Mac OS X security dialog. Opinions?

Same as above.

-Patrick
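
The placeholder filling described in point 4, as an added sketch in C that is not code from this thread or from pinentry-mac: it parses a key ID and user ID out of the description text and falls back when parsing fails, which is the "works in most cases" situation. The description layout, the sample text and the names extract and expand_message are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample; this description layout is an assumption. */
static const char SAMPLE_DESC[] =
    "Please enter the passphrase to unlock the secret key:\n"
    "\"Alice Example <alice@example.org>\"\n"
    "2048-bit RSA key, ID 1234ABCD,\ncreated 2015-01-01.\n";

/* Copy the text after `start`, up to the first char in `stops`, into dst.
   Returns -1 if a marker is missing or the value is empty or too long. */
static int extract(const char *desc, const char *start, const char *stops,
                   char *dst, size_t dstlen) {
    const char *p = strstr(desc, start);
    if (!p) return -1;
    p += strlen(start);
    size_t n = strcspn(p, stops);
    if (n == 0 || p[n] == '\0' || n >= dstlen) return -1;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 0;
}

/* Expand %KEYID/%USERID in tmpl; inserted values are never re-scanned.
   Returns -1 (show desc unchanged) if a value is missing or out is too small. */
int expand_message(const char *tmpl, const char *desc, char *out, size_t outlen) {
    char keyid[32], userid[256];
    int have_key = extract(desc, "key, ID ", ",\n ", keyid, sizeof keyid) == 0;
    int have_uid = extract(desc, "\"", "\"", userid, sizeof userid) == 0;
    size_t used = 0;
    if (outlen == 0) return -1;
    while (*tmpl) {
        const char *val = NULL;
        size_t skip = 1, n = 1;
        if (strncmp(tmpl, "%KEYID", 6) == 0) { val = keyid; skip = 6; }
        else if (strncmp(tmpl, "%USERID", 7) == 0) { val = userid; skip = 7; }
        if ((val == keyid && !have_key) || (val == userid && !have_uid)) return -1;
        if (val) n = strlen(val);
        if (used + n >= outlen) return -1;
        memcpy(out + used, val ? val : tmpl, n);
        used += n;
        tmpl += skip;
    }
    out[used] = '\0';
    return 0;
}

int main(void) {
    char msg[256];
    if (expand_message("Sign mail as %USERID (key %KEYID)", SAMPLE_DESC, msg, sizeof msg) == 0)
        puts(msg);
    return 0;
}
```

The user ID comes from key material, so it is copied as data and a value that itself contains %KEYID is left literal.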