gpg-agent features of loopback-pinentry mode, preset_passphrase

NIIBE Yutaka gniibe at
Fri May 8 05:42:23 CEST 2015

On 05/08/2015 11:54 AM, Daniel Kahn Gillmor wrote:
> If this is the goal, then loopback pinentry is a problem, because an
> attacker with access to the gpg-agent socket can run a
> passphrase-guessing attack without any visibility to the user.

Thank you for pointing out this.

Now, I understand cases of disabling loopback-pinentry mode (and
preset_passphrase), and the reason why it's disabled by defaults.
Indeed, there is a case where we forward gpg-agent's socket.

Well, given this condition, then, we need better diagnostic message to
user, when --passphrase doesn't work well.

My idea is like:

When --passphrase option is offered, gpg checks gpg-agent feature
availability (before reading passphrase from file/fd), and gives
explanation if not.  And gpg/gpg-agent manual should address the
relationship of --passphrase and loopback-pinentry mode.

More information about the Gnupg-devel mailing list