gpg-agent features of loopback-pinentry mode, preset_passphrase
Werner Koch
wk at gnupg.org
Mon May 18 12:12:14 CEST 2015
On Fri, 8 May 2015 05:42, gniibe at fsij.org said:
> When --passphrase option is offered, gpg checks gpg-agent feature
> availability (before reading passphrase from file/fd), and gives
> explanation if not. And gpg/gpg-agent manual should address the
> relationship of --passphrase and loopback-pinentry mode.
Actually, I expected that the loopback mode would be used with
--command-fd and not with the one-time setting of a passphrase. I kept
passphrase working because that can be used for symmetric encryption.
After all loopback mode is a hack to bypass the standard way of asking
for passphrases and to allow a simpler thing than a pinentry-wrapper
(e.g. for use by CGIs). We should never advertise it as a way to query
an unprotect-the-secret-key-passphrase - this would defeat the split
between gpg and gpg-agent.
Your suggestion to query the availability of the feature first is good from
the average user perspective. However, average users should not use the
loopback mode anyway (unless a tool uses it invisibly).
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.