pinentry-curses competing over tty (was: Extraction of decryption session key without copying complete encrypted file)

Peter Lebbing peter at digitalbrains.com
Mon Aug 28 13:17:17 CEST 2017


On 28/08/17 12:50, Werner Koch wrote:
> If you don't want that feature the --keep-tty and --keep-display options
> for gpg-agent may be useful:

Those options had slipped my mind... Thanks!

Werner, do you know why the bash shell that was running on the X
terminal where pinentry-curses popped up received several of the
keypresses that were intended to go to the pinentry? If I use the
passphrase abcdefghijkl, the entry line in the dialog looks like this:
*b*d*f**i*k*

Pinentry got the wrong passphrase, and when I get back to the shell and
press Enter, bash tells me:
bash: bdfik: command not found

My impression is that both bash and pinentry-curses are reading from the
keyboard input, and it is up to chance who gets the keypress. Pinentry
echoes '*' on a keypress, and bash echoes the entered character.

I've seen this before when I used a terminal-based pinentry and I did an
ssh without first doing an updatestartuptty. Is pinentry-curses doing
all it should to grab the terminal?

Oh, and while I have your attention (I hope :-), is the extra-socket
suitable for sharing with a host running a different version of GnuPG
2.1 or later? It seems useful, in a heterogeneous setting with
distribution-provided GnuPG binaries.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
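
Added illustration, not part of the original message and not GnuPG code: on a terminal, each input byte is handed to exactly one read() call, so two readers holding the same tty split the keystrokes between them. The sketch uses a pseudo-terminal and two threads labelled `shell` and `pinentry` (constructed stand-ins for the two processes) and makes no claim about what pinentry-curses itself does.

```python
import os
import threading
import time
import tty

PASSPHRASE = b"abcdefghijkl"  # the sample passphrase from the message


def reader(fd, got, stop):
    """Take single bytes from the terminal, as a shell or a pinentry would."""
    while not stop.is_set():
        try:
            data = os.read(fd, 1)
        except BlockingIOError:
            data = b""        # nothing queued, or the other reader got there first
        if data:
            got.append(data)
        else:
            time.sleep(0.001)


def race(keys=PASSPHRASE):
    """Type `keys` into a pseudo-terminal that two readers have open."""
    master, slave = os.openpty()
    tty.setraw(slave)                  # per-keypress delivery, no echo
    os.set_blocking(slave, False)
    fds = [slave, os.dup(slave)]       # the dup shares the non-blocking flag
    results = {"shell": [], "pinentry": []}
    stop = threading.Event()
    threads = [threading.Thread(target=reader, args=(fd, got, stop))
               for fd, got in zip(fds, results.values())]
    for t in threads:
        t.start()
    for i in range(len(keys)):
        os.write(master, keys[i:i + 1])    # one "keypress" at a time
        time.sleep(0.01)
    deadline = time.time() + 2
    while sum(map(len, results.values())) < len(keys) and time.time() < deadline:
        time.sleep(0.01)
    stop.set()
    for t in threads:
        t.join()
    for fd in fds + [master]:
        os.close(fd)
    return {name: b"".join(got) for name, got in results.items()}


if __name__ == "__main__":
    print(race())
```

Which reader receives which byte varies from run to run; the invariant is that every byte reaches exactly one of them, so neither sees the complete passphrase unless it happens to win every read.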
