Pinentry and passphrase file button

Neal H. Walfield neal at walfield.org
Sat Oct 3 20:13:07 CEST 2015


Hi,

At Sat, 3 Oct 2015 12:48:47 -0400,
Ben Kibbey wrote:
> 
> Does anyone object to adding a button to the pinentry dialogs to fill
> the passphrase text field with the contents of a file? The passphrase
> file may contain control characters so maybe adding a checkbox to toggle
> the text field, a new filename text field and file button would be
> better.
> 
> Also, since the passphrase file may contain control characters (nil
> included), many functions in gpg-agent would need to be passed the
> length of the passphrase rather than potentially truncating it. Or maybe
> only issue a warning in pinentry if the passphrase would be truncated?

Before we add additional complexity, can you please explain why such
strange passphrases are needed?

Here are my thoughts on the issue: The passphrase protects the key in
case your hard disk is stolen.  If the passphrase is in a file, what's
the point of having a passphrase at all?  The use of a file just adds
a tiny bit of obscurity, which is little security at all.

Neal
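
The truncation concern raised in the quoted message, as an added example that is not part of this thread or of the pinentry/gpg-agent code: a passphrase buffer with an embedded NUL is seen as shorter by any interface that relies on NUL termination, so a caller can compare the two lengths and warn. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample standing in for the contents of a passphrase file read
   in binary with an explicit length: 12 bytes, one NUL, one BEL (0x07). */
static const unsigned char SAMPLE[] = {
    'c', 'o', 'r', 'r', 0x00, 'e', 'c', 't', 0x07, 'h', 's', 'e'
};

/* Hypothetical helper: number of bytes a NUL-terminated (length-less)
   interface would keep from a buffer of LEN bytes. */
size_t cstring_len(const unsigned char *buf, size_t len)
{
    const unsigned char *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Hypothetical helper: 1 if passing BUF as a C string would drop bytes. */
int would_truncate(const unsigned char *buf, size_t len)
{
    return cstring_len(buf, len) < len;
}

/* Hypothetical helper: count of control bytes (below 0x20, or 0x7f), the
   kind of content that a visible text field cannot display faithfully. */
size_t control_bytes(const unsigned char *buf, size_t len)
{
    size_t count = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] == 0x7f)
            count++;
    return count;
}

int main(void)
{
    size_t len = sizeof SAMPLE;
    printf("bytes in file:          %zu\n", len);
    printf("bytes kept as C string: %zu\n", cstring_len(SAMPLE, len));
    printf("control bytes:          %zu\n", control_bytes(SAMPLE, len));
    if (would_truncate(SAMPLE, len))
        puts("warning: passphrase would be truncated at the first NUL");
    return 0;
}
```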


