gpg-agent features of loopback-pinentry mode, preset_passphrase

Werner Koch wk at gnupg.org
Mon May 18 12:12:14 CEST 2015


On Fri,  8 May 2015 05:42, gniibe at fsij.org said:

> When --passphrase option is offered, gpg checks gpg-agent feature
> availability (before reading passphrase from file/fd), and gives
> explanation if not.  And gpg/gpg-agent manual should address the
> relationship of --passphrase and loopback-pinentry mode.

Actually, I expected that the loopback mode would be used with
--command-fd and not with the one-time setting of a passphrase.  I kept
passphrase working because that can be used for symmetric encryption.

After all loopback mode is a hack to bypass the standard way of asking
for passphrases and to allow a simpler thing than a pinentry-wrapper
(e.g. for use by CGIs).  We should never advertise it as a way to query
an unprotect-the-secret-key-passphrase - this would defeat the split
between gpg and gpg-agent.

Your suggestion to query the availability of feature first is good from
the average user perspective.  However, average users should not use the
loopback mode anyway (unless a tool uses it invisibly).


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.



