pinentry offers to save symmetric passwords in libsecret

Daniel Kahn Gillmor dkg at
Tue Jun 16 17:58:39 CEST 2015

On Tue 2015-06-16 10:41:52 -0400, Neal H. Walfield wrote:

> Currently, pinentry offers to save passwords in an external cache
> (using libsecret) for both private keys and symmetric encryption keys.
> At the implementation level, this is because symmetric keys have a
> valid cache id (thus gpg-agent calls SETKEYINFO on a pinentry).

I'm not even sure what it means to save a symmetric passphrase to the
password manager, without saving an adequately sensible contextual
string along with it.

Let's say i encrypt two files symmetrically using different passwords.
Upon decryption, what is there to distinguish the two?  how would the
password manager offer the user a choice between which symmetric key to
use in this context?

Maybe what i'm missing is how the "cache_id" is selected for the
symmetric passphrase, both at creation time and at re-use time.  can you
summarize that?  I dug around in the code a bit but didn't sort out how
it's being done.


More information about the Gnupg-devel mailing list