gpg-agent and allow-loopback-pinentry

Patrick Brunschwig patrick at
Fri Jan 2 18:01:37 CET 2015

On 02.01.15 16:02, Werner Koch wrote:
> On Fri,  2 Jan 2015 15:13, patrick at said:
>> and recommendation was to design the key creation dialog as
>> follows:
>> ----------------------------------------
>> *Key Creation*
>> Your _public key_ is used by others to send you encrypted
>> messages. You can distribute it to anyone.
>> Your _private key_ is required for you to decrypt received mails
>> and to send signed mails. You should not give it to anyone. To
>> secure your private key, please enter a passphrase below.
>> *Important:* your passphrase is not your private key.
>> Passphrase        : [         ]
>> Confirm passphrase: [         ]
>> Password Quality:   [color bar]
>> ----------------------------------------
> I am not a UX expert but with my facebook-user-hat on I see a lot
> of text which describes something but does not explain what the
> passphrase is.  "is not your private key" - well, what is it then?

Yes, I'm aware of these flaws, especially as the authors also suggest
to reduce the amount of text. The design suggests to add symbolic
question marks after the explanation which should display a help
dialog. I'm not yet sure how I should resolve this contradiction.

> The prominent passphrase entry with quality bar and a bold
> "important" flag creates the impression that the passphrase is
> really important for security.

I prefer the term "note" instead, and probably not in bold either.

> There is also no exercise to make sure the passphrase is
> remembered after a few minutes.  Many people rely on the "forget
> password? - enter email" recovery process known from almost all
> websites.  The idea with the old Pinentry to enter the passphrase
> several times during creation was actually to have such a minimal
> exercise - however, it failed.  The user does not know why it was
> done this way and is annoyed.

I see. Unfortunately I haven't seen anything other than pinentry-mac
(which is based on pinentry 0.8.1) in the last years ...

-Patrick
