Integrate pinentry-mac into pinentry

Roman Zechmeister Mento at
Sun Feb 22 17:55:08 CET 2015

Hello Jonathan!

> This could be used to trick the user into thinking he's doing the right thing when in fact he's not. What if you just don't use %KEYID, but write another key ID there that the user expects, when in fact you sign for something else?

If you want to trick a user, you could simply run they few lines below. So i don't think that's a reason to not add feature.

string='GET_PASSPHRASE 12345678 X Passphrase Please+enter+the+passphrase+'\
'<user at>%22%0A4096-bit+RSA+key,+ID+12345678,%0Acreated+1503-02-29.%0A'
gpg-agent --server <<<"$string" 2>/dev/null | sed -n '2s/OK //p' | xxd -p -r

Regards, Mento

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150222/4319ce5e/attachment.sig>

More information about the Gnupg-devel mailing list