Option to pass fingerprint to pinentry instead of keygrip (or both)

Werner Koch wk at gnupg.org
Tue Sep 26 10:19:26 CEST 2017

On Tue, 26 Sep 2017 02:06, lukele at gpgtools.org said:

> I noticed that GnuPG 2.2 (probably version > 2.0.X) no longer passes
> the fingerprint of a key to pinentry, but instead a key grip. I was

Pinentry never used the fingerprint.  What you see is a description
formatted in most cases by gpg.  This usually included the fingerprint
but this is nothing Pinentry will ever be able to evaluate.

The keygrip is set as additional meta data using the SETKEYINFO command.
Some pinentries use this string to look up a passphrase in a cache.  For
example from the GNOME keyring manager.  That string is based on the
keygrip but should be considered an opaque cache id for the passphrase.

May it be that you are used to gpg-agent's simple GET_PASSPHRASE command
which also takes an opaque cache id?  Since 2.1 GET_PASSPHRASE is no
longer used by public key operations because the private key and its
passphrase are solely handled by gpg-agent.



Thoughts are free.  Exceptions are regulated by a federal law.
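
Added example, not part of the original message and not pinentry's or gpg-agent's code: a simplified Python model of the pinentry side of the exchange described above, in which the SETKEYINFO string is used verbatim as a passphrase cache id and the SETDESC text is only displayed. The class name, the dict-based cache, and the sample cache id and description are constructed for illustration.

```python
from urllib.parse import unquote

def assuan_escape(data):
    # Assuan data lines percent-escape '%', CR and LF.
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

class ToyPinentry:
    """Toy model of the pinentry side of the exchange (hypothetical class)."""

    def __init__(self, cache, ask_user):
        self.cache = cache        # dict standing in for an external passphrase store
        self.ask_user = ask_user  # callable(description) -> passphrase typed by user
        self.desc = ""
        self.keyinfo = None

    def handle(self, line):
        cmd, _, arg = line.partition(" ")
        if cmd == "SETDESC":
            # Free text formatted by the caller: shown to the user, never parsed.
            self.desc = unquote(arg)
            return ["OK"]
        if cmd == "SETKEYINFO":
            # Stored verbatim: an opaque cache id, not something to decode.
            self.keyinfo = arg
            return ["OK"]
        if cmd == "GETPIN":
            pin = self.cache.get(self.keyinfo) if self.keyinfo else None
            if pin is None:
                pin = self.ask_user(self.desc)
                if self.keyinfo:
                    self.cache[self.keyinfo] = pin
            return ["D " + assuan_escape(pin), "OK"]
        raise ValueError("command not modelled in this sketch: " + cmd)

def demo():
    prompts = []
    def ask_user(desc):
        prompts.append(desc)
        return "correct horse"
    p = ToyPinentry({}, ask_user)
    cache_id = "n/0123456789ABCDEF0123456789ABCDEF01234567"  # constructed value
    out = []
    for _ in range(2):  # second request is answered from the cache, no prompt
        p.handle("SETDESC Please unlock the key%0AFingerprint: (constructed text)")
        p.handle("SETKEYINFO " + cache_id)
        out.append(p.handle("GETPIN"))
    return prompts, out

if __name__ == "__main__":
    print(demo())
```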