gpg-agent and allow-loopback-pinentry
Werner Koch
wk at gnupg.org
Fri Jan 2 14:18:17 CET 2015
On Tue, 30 Dec 2014 23:33, dkg at fifthhorseman.net said:
> to be honest, when i've watched users set up enigmail with GnuPG for the
> first time, they're often confused by the fact of a password for the key
> in the first place.
Right, I bet that 80% of all users do not fully understand for what the
passphrase is used. It is even questionable whether a passphrase
protected key is useful for a non-mobile computer given that an attacker
able to grab a protected key will in most cases also be able to
install a keylogger.
> And an OpenPGP key by default is not the same thing as a web service,
> either.
Right - Documentation should stress that point.
> What about generating the key with no passphrase initially, and
> presenting a big "protect this key with a passphrase" button to the user
> when no passphrase is set?
Given the above scenario I actually kind of like that.
> * passphraseless keys will be written to the filesystem and might not
> ever be erased.
>
> * some users will never click the "protect this key with a passphrase"
> button.
As an alternative we could keep the key in memory (gpg-agent is running
in the background) and only write it to the disk once a change
passphrase has been done. We would also not allow to send the key to a
keyserver before it has not been passphrase protected.
Instead of "please protect your key now" we could use a "you now need to
test your key" and in the course of that set up a passphrase. Creating a
signed message and decrypting an automagically created message would also
help to remember the passphrase.
> * it's not clear to me whether there's an easy way for enigmail to tell
> whether the secret key in question has a passphrase set on it or not
gpg-agent has this command:
  > help keyinfo
  # KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] <keygrip>
  # KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr>
  # PROTECTION describes the key protection type:
  # 'P' - The key is protected with a passphrase,
  # 'C' - The key is not protected,
  # '-' - Unknown protection.
Enigmail can use it via gpg-connect-agent to check for a key or we can
add a wrapper command to gpg. If a keep-in-memory-until-passwd approach
would be implemented this command can also be used to return relevant
info.
> I don't know if there are any usability studies that would help make
> this decision easier.
Anyone who has time to research this?
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
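
Added example (not part of the original message, and not GnuPG or Enigmail code): a sketch of how a front end could read the PROTECTION field from KEYINFO replies, using the field order in the help text quoted above. It assumes the agent's replies arrive as Assuan status lines prefixed with "S KEYINFO"; the keygrips and sample reply are constructed.

```python
from typing import Dict, Iterable, List

# Field order after "S KEYINFO", taken from the help text quoted in the message.
FIELDS = ("keygrip", "type", "serialno", "idstr", "cached", "protection", "fpr")
PROTECTION = {"P": "passphrase", "C": "unprotected", "-": "unknown"}


def parse_keyinfo(lines: Iterable[str]) -> Dict[str, dict]:
    """Map keygrip -> parsed record for every KEYINFO status line."""
    keys: Dict[str, dict] = {}
    for raw in lines:
        parts = raw.strip().split()
        # Assumption: status lines carry the Assuan "S" prefix.
        if parts[:2] != ["S", "KEYINFO"]:
            continue  # skips OK/ERR lines, comments and blank lines
        values = parts[2:2 + len(FIELDS)]  # ignore any extra trailing fields
        if not values:
            continue
        # Pad short lines so a truncated reply reads as "unknown",
        # never as "unprotected" or "passphrase".
        values += ["-"] * (len(FIELDS) - len(values))
        record = dict(zip(FIELDS, values))
        record["protection_state"] = PROTECTION.get(record["protection"], "unknown")
        keys[record["keygrip"]] = record
    return keys


def unprotected_keygrips(lines: Iterable[str]) -> List[str]:
    """Keygrips the agent reports as stored without a passphrase ('C')."""
    parsed = parse_keyinfo(lines)
    return sorted(g for g, r in parsed.items() if r["protection_state"] == "unprotected")


# Constructed sample reply; the keygrips are made up for illustration.
GRIP_A, GRIP_B, GRIP_C = "A1" * 20, "B2" * 20, "C3" * 20
SAMPLE = [
    f"S KEYINFO {GRIP_A} D - - - P -",   # protected with a passphrase
    f"S KEYINFO {GRIP_B} D - - 1 C -",   # stored without protection
    f"S KEYINFO {GRIP_C} D - -",         # truncated line: protection unknown
    "OK",
]

if __name__ == "__main__":
    for grip in unprotected_keygrips(SAMPLE):
        print(f"key {grip} has no passphrase set")
```

To run it against a live agent, feed it the lines printed by gpg-connect-agent 'keyinfo --list' /bye in place of SAMPLE.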