Only grab keyboard when line edits have focus in pinentry (qt)
Andre Heinecke
aheinecke at intevation.de
Tue Jun 28 14:04:41 CEST 2016
Hi,

When I recently changed pinentry-qt to also support the "repeat" mode (meaning
two password entries in one dialog for key generation) I had to change the
keyboard grabbing so that it would work for both line edits.

In that commit I've changed that pinentry-qt now only grabs the keyboard when
a password line edit has input focus. To my knowledge this still protects
against keyloggers which simply capture all X-Events and thus does not reduce
the security over the old "globally grab as soon as we are visible" behavior.

This has the added advantage that you still can continue to work when pinentry
pops up and for example, look up the passphrase for a key in another encrypted
file without having to minimize pinentry-qt.

But maybe I've missed some attack that is mitigated by the global grabbing
behavior, so if you have concerns about that please let me know so that we can
discuss this before we release pinentry with this change.

Regards,
Andre

1: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=04115b3289dcc9b02044f88c08580618c055a571
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner