pinentry-curses unusable with gpg-agent --no-detach

Matt Garman matthew.garman at gmail.com
Thu Feb 5 17:38:13 CET 2015


This might be a bug, but could also be user-error, so I thought I'd
check the mailing list.

I'm using gpg-agent v2.0.14 (this ships with CentOS/RHEL 6.5).  This
distribution ships pinentry-0.7.6, but I also see this behavior with
the latest pinentry-0.9.0 from gnupg.org source.

Steps to demonstrate issue:
(1) Start gpg-agent with --no-detach option
(2) Make sure $DISPLAY is not set to force pinentry to fall back to curses
(3) Attempt to decode a gpg-encrypted file to trigger pinentry

In the stock RHEL pinentry version (0.7.6), the input is automatically
and continuously "crammed" with asterisks ('*').  That is, it's as if
someone is typing in an infinite-length password as quickly as
possible.  This also consumes 100% of CPU and requires kill -9.

With the latest pinentry (0.9.0), the behavior is the same, except the
asterisks don't fill as quickly, maybe one or two per second.  Still
unusable, just not as severe as the older pinentry-curses.

(I realize the gpg-agent --no-detach option is meant for debugging,
but we are intending to modify gpg to not use the agent if it's not
running on the same TTY as gpg.  Without --no-detach, agent runs
without a TTY, and our gpg modification renders agent useless.  But
the behavior described above occurs without any gpg modification.)

Thanks!



More information about the Gnupg-users mailing list