gpg-agent features of loopback-pinentry mode, preset_passphrase
gniibe at fsij.org
Fri May 8 05:42:23 CEST 2015
On 05/08/2015 11:54 AM, Daniel Kahn Gillmor wrote:
> If this is the goal, then loopback pinentry is a problem, because an
> attacker with access to the gpg-agent socket can run a
> passphrase-guessing attack without any visibility to the user.
Thank you for pointing out this.
Now, I understand cases of disabling loopback-pinentry mode (and
preset_passphrase), and the reason why it's disabled by defaults.
Indeed, there is a case where we forward gpg-agent's socket.
Well, given this condition, then, we need better diagnostic message to
user, when --passphrase doesn't work well.
My idea is like:
When --passphrase option is offered, gpg checks gpg-agent feature
availability (before reading passphrase from file/fd), and gives
explanation if not. And gpg/gpg-agent manual should address the
relationship of --passphrase and loopback-pinentry mode.
More information about the Gnupg-devel