gpg-agent/pinentry: How to verify calling application

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jul 16 09:30:03 CEST 2017


On Sat 2017-07-15 16:02:22 +0200, Hartmut Knaack wrote:
> On my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform me which process actually is
> the source of the key request.

pinentry itself doesn't know the source of the request, but gpg-agent
could use getsockopt(SO_PEERCRED) to get at least the requesting
process's pid, uid, and gid.

The pid is kind of usable (with some possibility of a race) to learn
something about which process made the request, which gpg-agent could
pass on to the pinentry.

I don't think there's currently any plan to do anything like this, but
if you want it to happen, I recommend documenting the idea in a ticket
on https://dev.gnupg.org/ so that there's somewhere to keep track of it
and potentially collect proposed patches.

Regards,

   --dkg