Pinentry linking to libassuan? (was: Add inside-Emacs mode to GUI pinentry programs)

[Werner Koch]

Hi,

given that pinentry gets more and more complicated it does not anymore
fulfill its original goal to be small enough to be easily audited.  One
of the main problem here has been the major changes to Gtk+ over the
last decade.  And now of Emacs socket code is added as well.

Originally Pinentry should be mostly self-standing but today this is
only true for the plain curses, tty and Windows versions.  Most users
however build one of the real GUI versions with all their large
dependencies.

The question is whether we should keep on using our much stripped down
versions of libassuan and libgpg-error or switch over to use libassuan
and libgpg-error directly.  In fact, both libraries are required by
GnuPG itself and also be any software using GPGME.  Thus we can expect
that such a change won't introduce any new platform problems.

However, we should also link to Libgcrypt to make use of its secure
memory code - if that is something we should keep on using. It would
also be possible to do without and make sure that the passphrase is only
stored at one place which we would manually clear as needed.  Frankly, I
think that the mlock-ed memory area is not useful anymore because it
does not help against hibernation.  To mitigate the swapping problem an
encrypted swap partition is anyway much easier and safer.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.