The loopback pinentry
Werner Koch
wk at gnupg.org
Thu Apr 21 13:16:31 CEST 2016
On Wed, 20 Apr 2016 19:00, bre at pagekite.net said:
> As far as I'm concerned this isn't about security - this is
> fixing a regression that took place in 2.0 which broke the
> ability to use gpg in an unattended/automated way. This proposal
> goes a long way to fixing that.
I feel that I need to comment on this despite that it is a bit
off-topic:
No, it did not break the ability for unattended use, but changed the way
to do it.
With 2.0.8 from 2007, we introduced the envvar PINENTRY_USER_DATA to
make unattended use with a non-fixed passphrase possible. What this
envvar, along with a custom Pinentry, does is the same as what the
loopback pinentry mode provides - just using a different programming
model. This was for example used for an S/MIME based university web
mail system. For the OpenPGP (gpg) from GnuPG 2.0, the gpg-agent was
only used as a passphrase cache and gpg's --passphrase-fd kept working
like in 1.4. Only since 2.1, gpg-agent takes responsibility for the
private keys and thus we have a larger change - but also the loopback
mode.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
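The PINENTRY_USER_DATA programming model Werner refers to, as an added example that is not part of the thread and not GnuPG's own code: a minimal custom Pinentry that answers gpg-agent's Assuan requests with the value gpg-agent forwards in PINENTRY_USER_DATA. The request sequence fed to it here is constructed, and the gpg-agent.conf path is assumed.

```shell
#!/bin/sh
# Added example (not from the thread, not GnuPG's code): a minimal custom
# Pinentry in the PINENTRY_USER_DATA programming model. gpg-agent forwards
# PINENTRY_USER_DATA unchanged to the pinentry-program it spawns; this
# script answers the Assuan requests with that value instead of opening a
# dialog. Deploy by making `fake_pinentry` the last line of the file and
# pointing `pinentry-program` in gpg-agent.conf at it (assumed path).

# Percent-escape '%' for an Assuan D line (CR/LF would need %0D/%0A too).
assuan_escape() { printf '%s' "$1" | sed 's/%/%25/g'; }

# Serve one Assuan session on stdin/stdout, as gpg-agent would drive it.
fake_pinentry() {
    pass="${PINENTRY_USER_DATA:-}"
    printf '%s\n' 'OK Pleased to meet you'
    while IFS= read -r line; do
        case "${line%% *}" in
            GETPIN)
                if [ -z "$pass" ]; then
                    # GPG_ERR_CANCELED (99) tagged with error source pinentry (5)
                    printf '%s\n' 'ERR 83886179 Operation cancelled <Pinentry>'
                else
                    printf 'D %s\n' "$(assuan_escape "$pass")"
                    printf '%s\n' 'OK'
                fi ;;
            CONFIRM) printf '%s\n' 'OK' ;;   # auto-answer yes/no prompts
            BYE) printf '%s\n' 'OK closing connection'; return 0 ;;
            *) printf '%s\n' 'OK' ;;         # OPTION, SETDESC, SETPROMPT, SETKEYINFO
        esac
    done
}

# Constructed request sequence, in the order gpg-agent issues it for an
# unattended passphrase request, so the exchange can be inspected offline.
run_session() {
    printf '%s\n' 'OPTION grab' 'OPTION ttyname=/dev/pts/0' \
        'SETKEYINFO s/DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF' \
        'SETDESC Please enter the passphrase to unlock the OpenPGP secret key' \
        'SETPROMPT Passphrase:' 'GETPIN' 'BYE' | fake_pinentry
}

# Demo run; the transcript shows the passphrase crossing the agent pipe in
# cleartext, which is why the variable should be scoped to that one process.
PINENTRY_USER_DATA='demo%pass' run_session
```

An empty or unset PINENTRY_USER_DATA makes the script answer GETPIN with an ERR instead of an empty passphrase, so a misconfigured job fails visibly rather than decrypting nothing.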