Integrate pinentry-mac into pinentry
Werner Koch
wk at gnupg.org
Tue Feb 24 11:39:13 CET 2015
On Sun, 22 Feb 2015 16:13, patrick at enigmail.net said:
> That's a _very_ good idea!
Seconded.
> I'd say that this should be OK. Automake should probably simply be
> able to determine that it's compiling for OS X and then use the XCode
> project.
Nope. That that is a bad idea. The build system is based on standard
Makefiles generated via automake and autoconf and I am strongly against
any other build systems. We have this discussion every few years
related to Windows and I do not want to repeat this. It is important to
be able to cross-build everything using a free (and audit-able platform).
Form my understanding Xcode is a non-text proprietary thing like Visual
Studio projects for Windows.
If there is a sound reason why _autoconf_ can't work on that platform, a
dedicated config file might be acceptable (cf. the VMS port). But for a
BSD based OS I can's see a compelling reason.
>> 4. pinentry-mac allows the calling app to define a custom message
>> to show. This is implemented using PINENTRY_USER_DATA. We allow
>> placeholders like %KEYID and %USERID. To fill the placeholders, we
>> parse the description from pinentry. This works in the most
>> cases. The reason for this feature is, to allow some more
>> informative and readable messages. e.g. We can tell the user for
>> which email/file, he enters the passphrase. What do you think about
>> that? Is this a desirable feature for pinentry?
>
> I think this is a desirable feature of pinentry in general. Other
> tools could profit from it as well.
This violates the security barrier of gpg-agent. Any application could
trick a user into doing things he does not want. For keys controlled by
gpg-agent the shown key identification should come from gpg-agent
without any user overridable string.
It is a different thing to allow additional information to be displayed.
If there is a need for it it can be added but it should be specified in
the gpg-agent/pinentry protocol.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list