How easy would it be to create (and prevent the creation of) a fake pinentry?
Peter Pentchev
roam at ringlet.net
Wed Apr 29 15:40:47 CEST 2009
On Wed, Apr 29, 2009 at 03:31:51PM +0200, Raimar Sandner wrote:
> On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:
>
> > Let me explain: having several background-ish applications making use of
> > the agent, it happens that the pinentry sometimes pops out when the
> > passphrase cache has expired. One of my first concerns is that there's
> > no way to identify which application actually needs to use my PGP key.
> > This one seems to be partially addressed in [0], as the application
> > could set the title of the pinentry program.
>
> The pinentry should only pop up when the application actually needs the key do
> do something. If pinentry pops up without you doing someting that requires
> your secret key, you should be worried.
...like, for example, your OpenPGP-powered Jabber client suddenly
needing to reconnect after something happened to the network and
you simply didn't notice? :>
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at space.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Hey, out there - is it *you* reading me, or is it someone else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: </pipermail/attachments/20090429/fc4b7f92/attachment.pgp>
More information about the Gnupg-users
mailing list