Pinentry and passphrase file button
Neal H. Walfield
neal at walfield.org
Sat Oct 3 20:13:07 CEST 2015
At Sat, 3 Oct 2015 12:48:47 -0400,
Ben Kibbey wrote:
> Does anyone object to adding a button to the pinentry dialogs to fill
> the passphrase text field with the contents of a file? The passphrase
> file may contain control characters so maybe adding a checkbox to toggle
> the text field, a new filename text field and file button would be
> Also, since the passphrase file may contain control characters (nil
> included), many functions in gpg-agent would need to be passed the
> length of the passphrase rather than potentially truncating it. Or maybe
> only issue a warning in pinentry if the passphrase would be truncated?

Before we add additional complexity, can you please explain why such
strange passphrases are needed?

Here are my thoughts on the issue: The passphrase protects the key in
case your hard disk is stolen. If the passphrase is in a file, what's
the point of having a passphrase at all? The use of a file just adds
a tiny bit of obscurity, which is little security at all.