The loopback pinentry

Bjarni Runar Einarsson bre at pagekite.net
Wed Apr 20 18:27:47 CEST 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello gnupg-devel!

Werner Koch <wk at gnupg.org> wrote:
[snip]
> 
> I propose to make --allow-loopback-pinentry the default and add
> an option --no-allow-loopback-pinentry, so that it is possible
> to disallow the use of the loopback pinentry. This is a simple
> change but some advanced use cases of GnuPG would benefit from
> this (e.g. Mailpile).
> 
> 
> Salam-Shalom,
> 
>    Werner

This would be fantastic; unstoppable pinentry is the largest
single road-block that prevents Mailpile from working well with
GnuPG 2.0 and up.

All of the solutions we currently have on the table involve
creating a custom gpg.conf for Mailpile or *editing* the user's
gpg.conf to add the settings we need, neither of which is a good
solution in our opinion.

I would also like to point out that for users with gnupg 1.4
installed, changing this default is in no way reducing security -
the desired behaviour is already available by falling back to
gnupg 1.4 (as Mailpile currently does). Making automation easier
(as Werner is suggesting here) is IMO key to making gpg 1.4
eventually go away.

Thanks for looking at this, Werner.

All the best,
 - Bjarni

- -- 
PageKite.net lets your personal computer be part of the web.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

