gpg-agent and allow-loopback-pinentry
Werner Koch
wk at gnupg.org
Fri Jan 2 16:02:02 CET 2015
On Fri, 2 Jan 2015 15:13, patrick at enigmail.net said:
> and recommendation was to design the key creation dialog as follows:
>
> ----------------------------------------
> *Key Creation*
>
> Your _public key_ is used by others to send you encrypted messages. You
> can distribute it to anyone.
>
> Your _private key_ is required for you to decrypt received mails and to
> send signed mails. You should not give it to anyone. To secure your
> private key, please enter a passphrase below.
>
> *Important:* your passphrase is not your private key.
>
> Passphrase : [ ]
> Confirm passphrase: [ ]
>
> Password Quality: [color bar]
> ----------------------------------------

I am not a UX expert but with my Facebook-user-hat on I see a lot of
text which describes something but does not explain what the passphrase
is. "is not your private key" - well, what is it then?

The prominent passphrase entry with quality bar and a bold "important"
flag creates the impression that the passphrase is really important for
security.

There is also no exercise to make sure the passphrase is remembered
after a few minutes. Many people rely on the "forget password? - enter
email" recovery process known from almost all websites. The idea with
the old Pinentry to enter the passphrase several times during creation
was actually to have such a minimal exercise - however, it failed. The
user does not know why it was done this way and is annoyed.

Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.