Integrate pinentry-mac into pinentry

Roman Zechmeister Mento at
Sun Feb 22 05:18:43 CET 2015


> It seems there's now, which is based on the original pinentry.

This repo is my quick check, if it's possible to integrate pinentry-mac into pinentry.
It's more or less our code for pinentry-mac, copied into the sub-dir macosx.
The most of the code is old and ugly, but it works. So i'm thinking about a complete rewrite.

There are some points, i want to clear, before i start to work on this:

1. On Mac OS X it's standard to use Xcode for builds and we're using it for pinentry-mac and all of our other tools.
Is it okay for you, if we're using an Xcode-Project and Xcode, instead of plain automake, to build pinentry for Mac OS X?

2. Should we compile the required source-code from pinentry direct into pinentry-mac (as we do actually) or
should we link against the libs?

3. pinentry-mac allows the user to store the passphrase in the Mac OS X keychain, by selecting a checkbox.
To make this possible, we're patching gpg-agent, to pass the cacheid to pinentry. (OPTION cache-id=xxx)
Without this option – e.g. upstream gpg-agent – pinentry-mac doesn't allow the user to store the passphrase.
How should we solve this in the future?

4. pinentry-mac allows the calling app to define a custom message to show.
This is implemented using PINENTRY_USER_DATA. We allow placeholders like %KEYID and %USERID.
To fill the placeholders, we parse the description from pinentry. This works in the most cases.
The reason for this feature is, to allow some more informative and readable messages. e.g. We can tell the
user for which email/file, he enters the passphrase.
What do you think about that? Is this a desirable feature for pinentry?

5. Using PINENTRY_USER_DATA we also allow to set a custom icon to be shown, like the standard
Mac OS X security dialog. Opinions?

Regards, Mento

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20150222/ecd580b6/attachment.sig>

More information about the Gnupg-users mailing list