Integrate pinentry-mac into pinentry

Patrick Brunschwig patrick at enigmail.net
Sun Feb 22 16:13:19 CET 2015


On 22.02.15 13:17, Roman Zechmeister wrote:
> Hello!
> 
>> It seems there's http://github.com/GPGTools/pinentry now, which 
>> is based on the original pinentry.
> 
> This repo is my quick check, if it's possible to integrate
> pinentry-mac into pinentry. It's more or less our code for
> pinentry-mac, copied into the sub-dir macosx. Most of the code
> is old and ugly, but it works. So I'm thinking about a complete
> rewrite.

That's a _very_ good idea!

> There are some points I want to clear up before I start to work on
> this:
> 
> 1. On Mac OS X it's standard to use Xcode for builds and we're 
> using it for pinentry-mac and all of our other tools. Is it okay 
> for you, if we're using an Xcode-Project and Xcode, instead of 
> plain automake, to build pinentry for Mac OS X?

I'd say that this should be OK. Automake should probably simply be
able to determine that it's compiling for OS X and then use the Xcode
project.

> 2. Should we compile the required source code from pinentry directly
> into pinentry-mac (as we do actually) or should we link against
> the libs?

I would prefer the same approach as all other pinentry-frontends, that
is, libpinentry.a is linked into the frontend.

> 3. pinentry-mac allows the user to store the passphrase in the Mac
> OS X keychain by selecting a checkbox. To make this possible,
> we're patching gpg-agent to pass the cacheid to pinentry. (OPTION
> cache-id=xxx) Without this option – e.g. upstream gpg-agent –
> pinentry-mac doesn't allow the user to store the passphrase. How
> should we solve this in the future?
> 
> 4. pinentry-mac allows the calling app to define a custom message
> to show. This is implemented using PINENTRY_USER_DATA. We allow
> placeholders like %KEYID and %USERID. To fill the placeholders, we
> parse the description from pinentry. This works in most
> cases. The reason for this feature is to allow some more
> informative and readable messages, e.g. we can tell the user for
> which email/file he enters the passphrase. What do you think about
> that? Is this a desirable feature for pinentry?

I think this is a desirable feature of pinentry in general. Other
tools could profit from it as well.

> 5. Using PINENTRY_USER_DATA we also allow setting a custom icon to
> be shown, like the standard Mac OS X security dialog. Opinions?

Same as above.

- -Patrick
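
Point 4 in the message above describes filling %KEYID and %USERID by parsing the pinentry description, which "works in most cases". The following C code is an added example, not code from pinentry-mac or from this thread: it expands the two placeholders and reports failure when the description cannot be parsed, so the caller can show the agent's original description instead. The description layout, the template text and the names `between`, `expand_message` and `SAMPLE_DESC` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample description (assumed layout: "user id" then ", ID <keyid>,"). */
static const char SAMPLE_DESC[] =
    "Please enter the passphrase to unlock the secret key:\n"
    "\"Alice Example <alice@example.org>\"\n"
    "2048-bit RSA key, ID 0123ABCD,\ncreated 2015-02-22.";

/* Copy the text between `open` and the next `close` into out; 0 on failure. */
static int between(const char *s, const char *open, char close,
                   char *out, size_t outsz) {
    const char *b = strstr(s, open);
    if (!b) return 0;
    b += strlen(open);
    const char *e = strchr(b, close);
    if (!e || (size_t)(e - b) >= outsz) return 0;
    memcpy(out, b, (size_t)(e - b));
    out[e - b] = '\0';
    return 1;
}

/* Expand %KEYID and %USERID in tmpl (hypothetical PINENTRY_USER_DATA content)
   from values parsed out of desc. Returns 0 if parsing fails or the result
   does not fit; the caller then shows desc unchanged. */
int expand_message(const char *tmpl, const char *desc, char *out, size_t outsz) {
    char userid[256], keyid[64];
    const char *tail = strrchr(desc, '"');   /* key ID is searched after the user ID */
    if (!outsz || !tail || !between(desc, "\"", '"', userid, sizeof userid)) return 0;
    if (!between(tail, ", ID ", ',', keyid, sizeof keyid)) return 0;
    size_t n = 0;
    while (*tmpl) {
        const char *val = NULL;
        size_t skip = 1;
        if (strncmp(tmpl, "%KEYID", 6) == 0)       { val = keyid;  skip = 6; }
        else if (strncmp(tmpl, "%USERID", 7) == 0) { val = userid; skip = 7; }
        size_t len = val ? strlen(val) : 1;   /* unknown text is copied literally */
        if (n + len >= outsz) return 0;
        memcpy(out + n, val ? val : tmpl, len);
        n += len;
        tmpl += skip;
    }
    out[n] = '\0';
    return 1;
}

int main(void) {
    char msg[256];
    int ok = expand_message("Unlock key %KEYID of %USERID", SAMPLE_DESC, msg, sizeof msg);
    puts(ok ? msg : SAMPLE_DESC);   /* fall back to the original description */
    return 0;
}
```

A localized or reworded description makes `expand_message` return 0, which is the case the fallback in `main` covers.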



More information about the Gnupg-devel mailing list