The loopback pinentry

Werner Koch wk at
Thu Apr 21 13:16:31 CEST 2016

On Wed, 20 Apr 2016 19:00, bre at said:

> As far as I'm concerned this isn't about security - this is
> fixing a regression that took place in 2.0 which broke the
> ability to use gpg in an unattended/automated way. This proposal
> goes a long way to fixing that.

I feel that I need to comment on this despite that it is a bit

No, it did not broke the ability for unattended use, but changed the way
to do it.

With 2.0.8 from 2007, we introduced the envvar PINENTRY_USER_DATA to
make unattended use with a non-fixed passphrase possible.  What this
envvar, along with a custom Pinentry does, is the same as what the
loopback pinentry modes provides - just using a different programming
model.  This was for examples used for an S/MIME based university web
mail system.  For the OpenPGP (gpg) from GnuPG 2.0, the gpg-agent was
only used as a passphrase cache and gpg's --passphrase-fd kept working
like in 1.4.  Only since 2.1, gpg-agent takes responsibility for the
private keys and thus we have a larger change - but also the loopback



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list