The loopback pinentry
Werner Koch
wk at gnupg.org
Thu Apr 21 12:49:04 CEST 2016
On Wed, 20 Apr 2016 21:32, neal at walfield.org said:
> Should allow-preset-passphrase also be the default?
I don't think so. That preset passphrase tool was introduced for those
who have a company/law policy that all keys need to be protected even if
that protection key is stored on the system in the clear. From a
security point of view this does not make sense.
Having the loopback pinentry mode, the preset-passphrase feature is no
longer needed and new applications should not use it. It is only for
unattended use and thus a certain configuration is required, anyway.
Before someone asks: The --allow-emacs-pinentry option should be kept
because that new emacs mode has actual security implications and should
thus not be enabled by default. I also consider that Emacs users can be
expected to enter M-x f ~/.gnupg/gpg-agent.conf ;-)
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.