How easy would it be to create (and prevent the creation of) a fake pinentry?

Peter Pentchev roam at
Wed Apr 29 15:40:47 CEST 2009

On Wed, Apr 29, 2009 at 03:31:51PM +0200, Raimar Sandner wrote:
> On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:
> > Let me explain: having several background-ish applications making use of
> > the agent, it happens that the pinentry sometimes pops out when the
> > passphrase cache has expired. One of my first concerns is that there's
> > no way to identify which application actually needs to use my PGP key.
> > This one seems to be partially addressed in [0], as the application
> > could set the title of the pinentry program.
> The pinentry should only pop up when the application actually needs the key do 
> do something. If pinentry pops up without you doing someting that requires 
> your secret key, you should be worried., for example, your OpenPGP-powered Jabber client suddenly
needing to reconnect after something happened to the network and
you simply didn't notice? :>


Peter Pentchev	roam at    roam at    roam at
PGP key:
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
Hey, out there - is it *you* reading me, or is it someone else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: </pipermail/attachments/20090429/fc4b7f92/attachment.pgp>

More information about the Gnupg-users mailing list