How easy would it be to create (and prevent the creation of) a fake pinentry?

Olivier Mehani shtrom at ssji.net
Wed Apr 29 12:09:02 CEST 2009


Hi GnuPG users,

I'm a happy user of PGP and the GPG agent with its little friend the
GTK pinentry program to facilitate usage.  I've been starting to wonder,
though, how easy it would be to fake a GPG pinentry window.

Let me explain: having several background-ish applications making use of
the agent, it happens that the pinentry sometimes pops out when the
passphrase cache has expired. One of my first concerns is that there's
no way to identify which application actually needs to use my PGP key.
This one seems to be partially addressed in [0], as the application
could set the title of the pinentry program.

However, I can't see any reason why a malicious application couldn't
set the title to some valid application in order to be able to use my
key without my consent. This leads me to a generalization of the
problem: how easy would it be to create a pinentry-lookalike program,
pretending to be called by a valid application in order to steal a
user's passphrase?

And, then, how can that be prevented? (I mean besides the obvious “don't
get your computer hacked” solution)

Thanks in advance for your insight.

PS: please CC me on any answer as I'm not subscribed to the list.

[0] https://bugs.g10code.com/gnupg/issue966

-- 
Olivier Mehani <shtrom at ssji.net>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654  6DFB 6845 4071 E346 2FD1