Integrate pinentry-mac into pinentry
patrick at enigmail.net
Sun Feb 22 16:13:19 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 22.02.15 13:17, Roman Zechmeister wrote:
>> It seems there's http://github.com/GPGTools/pinentry now, which
>> is based on the original pinentry.
> This repo is my quick check, if it's possible to integrate
> pinentry-mac into pinentry. It's more or less our code for
> pinentry-mac, copied into the sub-dir macosx. The most of the code
> is old and ugly, but it works. So i'm thinking about a complete
That's a _very_ good idea!
> There are some points, i want to clear, before i start to work on
> 1. On Mac OS X it's standard to use Xcode for builds and we're
> using it for pinentry-mac and all of our other tools. Is it okay
> for you, if we're using an Xcode-Project and Xcode, instead of
> plain automake, to build pinentry for Mac OS X?
I'd say that this should be OK. Automake should probably simply be
able to determine that it's compiling for OS X and then use the XCode
> 2. Should we compile the required source-code from pinentry direct
> into pinentry-mac (as we do actually) or should we link against
> the libs?
I would prefer the same approach as all other pinentry-frontends, that
is, libpinentry.a is linked into the frontend.
> 3. pinentry-mac allows the user to store the passphrase in the Mac
> OS X keychain, by selecting a checkbox. To make this possible,
> we're patching gpg-agent, to pass the cacheid to pinentry. (OPTION
> cache-id=xxx) Without this option – e.g. upstream gpg-agent –
> pinentry-mac doesn't allow the user to store the passphrase. How
> should we solve this in the future?
> 4. pinentry-mac allows the calling app to define a custom message
> to show. This is implemented using PINENTRY_USER_DATA. We allow
> placeholders like %KEYID and %USERID. To fill the placeholders, we
> parse the description from pinentry. This works in the most
> cases. The reason for this feature is, to allow some more
> informative and readable messages. e.g. We can tell the user for
> which email/file, he enters the passphrase. What do you think about
> that? Is this a desirable feature for pinentry?
I think this is a desirable feature of pinentry in general. Other
tools could profit from it as well.
> 5. Using PINENTRY_USER_DATA we also allow to set a custom icon to
> be shown, like the standard Mac OS X security dialog. Opinions?
Same as above.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Gnupg-devel