pinentry - Impossible to disable/ignore if present?

Jules Colding colding at omesc.com
Fri Apr 20 18:25:56 CEST 2007


On Fri, 2007-04-20 at 16:18 +0200, Werner Koch wrote:
> On Fri, 20 Apr 2007 15:34, colding at omesc.com said:
> 
> > So even if I prevent pinentry from showing up it will eventually be
> > impossible for me to provide my own callback function?
> 
> I don't understand this.  It is in general useless to tell gpg-agent not
> to use pinentry for a desktop machine.  For a server you want to use
> gpg-preset-passphrase or - better - use no passphrase at all.

OK, a little background information is in order here I think :-)

I've created a little utility daemon(*) implementing a small and very
simple keyring. The idea is that the keyring is given a master
passphrase to unlock its content and to encrypt new content. The
content of the keyring is generally passwords.

I'm using gpgme for the encryption and decryption of those passwords.

I've therefore implemented a daemon that holds the master passphrase and
hands it over to the gpgme framework by the use of the passphrase
callback function gpgme_set_passphrase_cb().

Having pinentry pop up whenever my callback function should be invoked
will therefore prevent the correct passphrase from being handed over to
gpgme. I'm using my own little gtk+ dialog to query the master
passphrase and content passwords from the user. 

Maybe I could do this differently but I really want the passphrase
dialog to look exactly like the one being used by Evolution so using
pinentry-gtk-2 is sub-optimal.

Any ideas on how I can:

1) make gpgme use my own callback passphrase function or,

2) make gpgme always use pinentry but using a custom dialog title and
question text

?? 

> > Will this also hold true if I use libgcrypt instead?
> 
> Libgcrypt is a low-level library without any relation to OpenPGP or
> S/MIME.  It is much like libc.

Looks like I need to use it if I can't prevent gpgme from launching
pinentry. The drawback is a lack of sample code using libgcrypt. Any
samples out there doing encryption from a small memory buffer to a file
and decrypting the other way?

Thanks a lot in advance,
  jules


(*) Full source is here:

http://www.omesc.com/content/downloads/dist/testing/brutus-snapshot.tar.bz2

Look in <brutus/idl/products/evolution/2.4/brutus-keyring/> for the
keyring source. A small test program is in <../keyring-test/>.
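
Added example, not part of the original message or of the brutus source: the fd-writing core of a passphrase callback of the kind registered with gpgme_set_passphrase_cb(), for a daemon that holds a cached master passphrase. It is written without gpgme headers so it builds stand-alone; the name `keyring_feed_passphrase` and the 0/-1 return values are assumptions, and a real callback would map a failure to a gpgme error value.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: the body of a gpgme passphrase callback. The real
 * callback would pass through its own prev_was_bad and fd arguments and
 * translate a non-zero result into a gpgme error value. */
int keyring_feed_passphrase(const char *master, int prev_was_bad, int fd)
{
    /* A cached passphrase that was already rejected will be rejected again;
     * give up instead of answering the same prompt forever. */
    if (master == NULL || prev_was_bad)
        return -1;

    size_t len = strlen(master);
    /* An embedded newline would end the passphrase early on the reader side. */
    if (memchr(master, '\n', len) != NULL)
        return -1;

    /* Callback contract: the passphrase bytes, then one newline, on fd. */
    const char *parts[2] = { master, "\n" };
    size_t sizes[2] = { len, 1 };
    for (int i = 0; i < 2; i++) {
        size_t done = 0;
        while (done < sizes[i]) {
            ssize_t n = write(fd, parts[i] + done, sizes[i] - done);
            if (n < 0) {
                if (errno == EINTR)
                    continue;   /* interrupted by a signal: retry */
                return -1;      /* closed pipe or other I/O error */
            }
            done += (size_t)n;  /* short write: send the remainder */
        }
    }
    return 0;
}
```

Whether gpgme invokes such a callback at all depends on the backend; when gpg-agent handles the passphrase, pinentry is used instead, which is the behaviour discussed in this thread.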
