How easy would it be to create (and prevent the creation of) a fake pinentry?
roam at ringlet.net
Wed Apr 29 15:40:47 CEST 2009
On Wed, Apr 29, 2009 at 03:31:51PM +0200, Raimar Sandner wrote:
> On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:
> > Let me explain: having several background-ish applications making use of
> > the agent, it happens that the pinentry sometimes pops out when the
> > passphrase cache has expired. One of my first concerns is that there's
> > no way to identify which application actually needs to use my PGP key.
> > This one seems to be partially addressed in , as the application
> > could set the title of the pinentry program.
> The pinentry should only pop up when the application actually needs the key do
> do something. If pinentry pops up without you doing someting that requires
> your secret key, you should be worried.
...like, for example, your OpenPGP-powered Jabber client suddenly
needing to reconnect after something happened to the network and
you simply didn't notice? :>
Peter Pentchev roam at ringlet.net roam at space.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Hey, out there - is it *you* reading me, or is it someone else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 196 bytes
Desc: not available
More information about the Gnupg-users