Problem with focus of pinentry on win7

Bernhard Kleine bernhard.kleine at
Mon Nov 26 12:16:00 CET 2018

thanks a lot


Am 26.11.2018 um 11:55 schrieb Werner Koch:
> Hi!
> Here is my reply to the Enigmail list which explains why this is indeed
> not just a problem of gpg and that we can't have a perfect solution.
> For security reasons Windows has strict rules on which process can put
> itself into the focus.  Enigmail needs to tell Pinentry, via gpg, that
> it may take the focus and request input.  This is implemented by a
> callback mechanism all the way from Pinentry, via gpg-agent and gpg up
> to the calling process (Thunderbird here).
> In the case of Enigmail, it needs to call AllowSetForegroundWindow with
> the process handle of the just created gpg process.  In turn, gpg
> detects the Pinentry launch and calls AllowSetForegroundWindow on the
> Process handle of the started Pinentry.  Only then then Pinentry may
> display itself.  Further, when calling AllowSetForegroundWindow the
> process must have its Window already in the foregorund.
> Sometimes other Windows get in the way and even a correct implemented
> AllowSetForegroundWindow chain will not work.  As per Windows security
> architecture, the Pinentry will announce itself in the taskbar.
> I would recommend to increase the passphrase caching time so
> that the Pinentry dialog is not required too often.  Usually there is
> not much security gain by always entering the passphrase: Any attacking
> malware will first install a keylogger and can thus grab the passphrase
> in any case.
> Salam-Shalom,
>    Werner
D-79853 lenzkirch
bernhard.kleine at,
thunderbird mit enigmail
GPG schlüssel: D5257409
08 B7 F8 70 22 7A FC C1 15 49 CA A6 C7 6F A0 2E D5 25 74 09

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list