The loopback pinentry

NIIBE Yutaka gniibe at
Thu Apr 21 01:25:53 CEST 2016

On 04/20/2016 11:26 PM, Werner Koch wrote:
> I propose to make --allow-loopback-pinentry the default and add an
> option --no-allow-loopback-pinentry, so that it is possible to disallow
> the use of the loopback pinentry.  This is a simple change but some
> advanced use cases of GnuPG would benefit from this (e.g. Mailpile).

Are there any things (options and the protocol) for gpg-agent to
control/record the use of loopback mode for forwarded requests?

If so, I think that change of the default would be OK.

My concern is that:

    The change of the default makes the remote access of private keys
    under gpg-agent rather easier.

    We need to set up things more carefully when we enable forwarding.


    Modification of the protocol to distinguish remote client
    (forwarded connection) would be encouraged.

    Adding options for remote client handling would be needed, perhaps?
