The loopback pinentry

Werner Koch wk at
Thu Apr 21 12:49:04 CEST 2016

On Wed, 20 Apr 2016 21:32, neal at said:

> Should allow-preset-passphrase also be the default?

I don't think so.  That preset passphrase tool was introduced for those
who have a company/law policy that all keys need to be protected even if
that protection key is stored on the system in the clear.  From a
security point of view this does not make sense.

having the loopback pinentry mode, the preset-passphrase feature is not
anymore needed and new applications should not use it.  It is only for
unattended use and thus a certain configuration is required, anyway.

Before someone asks: The --allow-emacs-pinentry option should be kept
because that new emacs mode has actual security implications and should
thus not be enabled by default.  I also consider that Emacs users can be
expected to enter M-x f ~/.gnupg/gpg-agent.conf ;-)



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list