Example of 'PINENTRY_USER_DATA which can fulfill the' (envpassphrase) 'task'?

Werner Koch wk at gnupg.org
Mon Apr 29 13:45:57 CEST 2024


On Mon, 29 Apr 2024 07:03, Bee said:

> But that environment is not passed and used by pinentry - it has no
> knowledge of them. PINENTRY_USER_DATA may exist, but it has no
> knowledge as to how to interpret it. Ergo, some other mechanism must

It is called "USER DATA" for a reason - you have to decide what to do
with it.  If you really, really want a passphrase, what about passing
the filename of a file holding the passphrase.  Or a socket or some
other secure IPC mechanism locator.

For unattended use the only reason for a passphrase - which protects the
private key against local users - is stupid policy requirements you
have to follow.  In all other cases, first come up with an attack tree
to show that a passphrase is of any use for your application.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
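One way to act on the suggestion above, as an added example that is not part of the original post or of GnuPG: a minimal pinentry stand-in that speaks the Assuan protocol gpg-agent uses and treats PINENTRY_USER_DATA as the path of a file whose first line is the passphrase. It assumes gpg-agent.conf points pinentry-program at this script and that the file is readable only by the service user.

```shell
#!/bin/sh
# Minimal pinentry stand-in (added example, not GnuPG's own code).
# gpg-agent runs the program named by pinentry-program and talks the
# Assuan protocol to it on stdin/stdout; it exports PINENTRY_USER_DATA
# to that child. Assumption here: the variable holds the path of a
# file whose first line is the passphrase (mode 0600, owned by the
# service user). This gives no more protection than an unprotected
# key: anyone who can read the file can use the key.

pinentry_loop() {
    pass_file=$1
    echo "OK Pleased to meet you"          # greeting gpg-agent expects
    while IFS= read -r line; do
        cmd=${line%% *}
        case "$cmd" in
            GETPIN)
                if [ -n "$pass_file" ] && [ -r "$pass_file" ]; then
                    # Assuan data lines must percent-escape '%' (CR/LF
                    # would need %0D/%0A, but head -n 1 strips them).
                    pass=$(head -n 1 "$pass_file" | sed 's/%/%25/g')
                    printf 'D %s\n' "$pass"
                    echo "OK"
                else
                    # No usable file: report a cancel so gpg-agent fails
                    # cleanly instead of blocking or guessing.
                    echo "ERR 83886179 Operation cancelled <Pinentry>"
                fi
                ;;
            BYE)
                echo "OK closing connection"
                return 0
                ;;
            *)
                # SETDESC, SETPROMPT, OPTION, CONFIRM, ... need no UI here;
                # OK on CONFIRM means "confirmed".
                echo "OK"
                ;;
        esac
    done
}

# When launched by gpg-agent the variable is set; otherwise do nothing
# (so the file can also be sourced for testing).
if [ -n "${PINENTRY_USER_DATA:-}" ]; then
    pinentry_loop "$PINENTRY_USER_DATA"
fi
```

gpg forwards PINENTRY_USER_DATA from its own environment to gpg-agent (OPTION pinentry-user-data), and gpg-agent exports it to the pinentry it spawns, which is why the variable is visible here but not interpreted by the stock pinentry.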