pinentry offers to save symmetric passwords in libsecret
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jun 16 17:58:39 CEST 2015
On Tue 2015-06-16 10:41:52 -0400, Neal H. Walfield wrote:
> Currently, pinentry offers to save passwords in an external cache
> (using libsecret) for both private keys and symmetric encryption keys.
> At the implementation level, this is because symmetric keys have a
> valid cache id (thus gpg-agent calls SETKEYINFO on a pinentry).
I'm not even sure what it means to save a symmetric passphrase to the
password manager, without saving an adequately sensible contextual
string along with it.
Let's say i encrypt two files symmetrically using different passwords.
Upon decryption, what is there to distinguish the two? how would the
password manager offer the user a choice between which symmetric key to
use in this context?
Maybe what i'm missing is how the "cache_id" is selected for the
symmetric passphrase, both at creation time and at re-use time. can you
summarize that? I dug around in the code a bit but didn't sort out how
it's being done.
More information about the Gnupg-devel