The loopback pinentry

Werner Koch wk at
Wed Apr 20 16:26:18 CEST 2016


Since version 2.1 GnuPG has a loopback pinentry mode which does not use
the pinentry but sends the request for a passphrase back to the calling
application (gpg or gpgsm).  This feature was originally implemented for
a very specific use case but it turns out that it is very useful for
unattended use of GnuPG.

To make use of this feature, gpg-agent requires the option
--allow-loopback-pinentry.  The rationale for requiring an option is
that only gpg-agent and pinentry shall be responsible for the passphrase
to protect a key.  The loopback mode weakens this idea.  However, in the
majority of use cases gpg-agent is anyway run on the same machine and
with the same permissions as gpg.  Thus the need for an option to allow
the use of the loopback pinentry mode is questionable.

I propose to make --allow-loopback-pinentry the default and add an
option --no-allow-loopback-pinentry, so that it is possible to disallow
the use of the loopback pinentry.  This is a simple change but some
advanced use cases of GnuPG would benefit from this (e.g. Mailpile).



Thoughts are free.  Exceptions are governed by a federal law.
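As an added example that is not from the post above or from GnuPG itself: a POSIX shell helper that writes the agent-side policy the post discusses (allow-loopback-pinentry before the proposed change, no-allow-loopback-pinentry to opt out once loopback becomes the default) and then uses the loopback mode for unattended decryption. It assumes GnuPG 2.1 or later; gpg's --batch, --pinentry-mode loopback and --passphrase-fd options and gpgconf --reload are existing tool options not mentioned in the post, and the file names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post or from GnuPG.
# Assumes GnuPG >= 2.1 and a GNUPGHOME the caller controls.

conf_dir() { printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}"; }

# Write exactly one loopback policy line into gpg-agent.conf.
#   allow -> allow-loopback-pinentry    (needed before loopback is the default)
#   deny  -> no-allow-loopback-pinentry (opt-out once loopback is the default)
set_loopback_policy() {
    policy="$1"
    dir=$(conf_dir)
    conf="$dir/gpg-agent.conf"
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$conf"
    # Drop any earlier policy line so the two options never contradict each other.
    grep -v -e '^allow-loopback-pinentry' -e '^no-allow-loopback-pinentry' \
        "$conf" > "$conf.tmp" || true
    case "$policy" in
        allow) printf 'allow-loopback-pinentry\n' >> "$conf.tmp" ;;
        deny)  printf 'no-allow-loopback-pinentry\n' >> "$conf.tmp" ;;
        *) echo "usage: set_loopback_policy allow|deny" >&2; rm -f "$conf.tmp"; return 2 ;;
    esac
    mv "$conf.tmp" "$conf"
    # A running agent only picks up the new option after a reload.
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent 2>/dev/null || true
    fi
}

# Report which policy gpg-agent.conf currently carries: allow, deny or default.
loopback_policy() {
    conf="$(conf_dir)/gpg-agent.conf"
    if grep -q '^no-allow-loopback-pinentry' "$conf" 2>/dev/null; then echo deny
    elif grep -q '^allow-loopback-pinentry' "$conf" 2>/dev/null; then echo allow
    else echo default; fi
}

# Unattended decryption: gpg asks the agent for loopback mode and answers the
# passphrase request itself. The passphrase is read from fd 3 (a file the
# caller keeps mode 0600), so it never shows up in argv or the process list.
loopback_decrypt() {
    ciphertext="$1"; passfile="$2"; out="$3"
    gpg --batch --pinentry-mode loopback --passphrase-fd 3 \
        --output "$out" --decrypt "$ciphertext" 3< "$passfile"
}
```

If the agent runs with no-allow-loopback-pinentry, loopback_decrypt fails with an "Inappropriate ioctl" / pinentry-mode error from gpg instead of silently falling back to an interactive prompt, which is the behaviour an unattended job should expect.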