Only grab keyboard when line edits have focus in pinentry (qt)

Andre Heinecke aheinecke at intevation.de
Tue Jun 28 14:04:41 CEST 2016


Hi,

When I recently changed pinentry-qt to also support the "repeat" mode (meaning 
two password entries in one dialog for key generation) I had to change the 
keyboard grabbing so that it would work for both line edits.

In that commit I've changed that pinentry-qt now only grabs the keyboard when 
a password line edit has input focus. To my knowledge this still protects 
against keyloggers which simply capture all X-Events and thus does not reduce 
the security over the old "globally grab as soon as we are visible" behavior.

This has the added advantage that you still can continue to work when pinentry 
pops up and for example, look up the passphrase for a key in another encrypted 
file without having to minimize pinentry-qt.

But maybe I've missed some attack that is mitigated by the global grabbing 
behavoir, so if you have concerns about that please let me know so that we can 
discuss this before we release pinentry with this change.


Regards,
Andre

1: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=04115b3289dcc9b02044f88c08580618c055a571
-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160628/a9539486/attachment.sig>


More information about the Gnupg-devel mailing list