Problem with focus of pinentry on win7

Bernhard Kleine bernhard.kleine at gmx.net
Mon Nov 26 12:16:00 CET 2018


Thanks a lot.

Bernhard

On 26.11.2018 at 11:55, Werner Koch wrote:
> Hi!
>
> Here is my reply to the Enigmail list which explains why this is indeed
> not just a problem of gpg and that we can't have a perfect solution.
>
> For security reasons Windows has strict rules on which process can put
> itself into the focus.  Enigmail needs to tell Pinentry, via gpg, that
> it may take the focus and request input.  This is implemented by a
> callback mechanism all the way from Pinentry, via gpg-agent and gpg up
> to the calling process (Thunderbird here).
>
> In the case of Enigmail, it needs to call AllowSetForegroundWindow with
> the process handle of the just created gpg process.  In turn, gpg
> detects the Pinentry launch and calls AllowSetForegroundWindow on the
> process handle of the started Pinentry.  Only then may Pinentry
> display itself.  Further, when calling AllowSetForegroundWindow the
> process must have its window already in the foreground.
>
> Sometimes other windows get in the way and even a correctly implemented
> AllowSetForegroundWindow chain will not work.  As per Windows security
> architecture, the Pinentry will announce itself in the taskbar.
>
> I would recommend increasing the passphrase caching time so
> that the Pinentry dialog is not required too often.  Usually there is
> not much security gain by always entering the passphrase: Any attacking
> malware will first install a keylogger and can thus grab the passphrase
> in any case.
>
>
> Salam-Shalom,
>
>    Werner
>
-- 
spitzhalde9
D-79853 lenzkirch
bernhard.kleine at gmx.net
www.b-kleine.com, www.urseetal.net
-
thunderbird with enigmail
GPG key: D5257409
fingerprint:
08 B7 F8 70 22 7A FC C1 15 49 CA A6 C7 6F A0 2E D5 25 74 09
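
Added example (not part of the original mails): the passphrase-caching advice in the quoted reply, applied to the text of a gpg-agent.conf using gpg-agent's `default-cache-ttl` and `max-cache-ttl` options. The helper name, the sample file contents and the TTL values are constructed for illustration.

```python
# Added example: set gpg-agent passphrase cache times in gpg-agent.conf text.

# Constructed sample of an existing gpg-agent.conf (not from the original mail).
SAMPLE_CONF = """\
# pinentry settings
pinentry-timeout 60
default-cache-ttl 600
default-cache-ttl-ssh 1800
#max-cache-ttl 7200
"""

def set_cache_ttl(conf_text, default_ttl, max_ttl):
    """Return conf_text with default-cache-ttl / max-cache-ttl set (seconds).

    default-cache-ttl restarts each time the cached entry is used;
    max-cache-ttl is the hard limit after which the entry expires anyway
    (gpg-agent default: 7200), so raising only the former has little effect.
    """
    if default_ttl <= 0 or max_ttl <= 0:
        raise ValueError("TTLs must be positive numbers of seconds")
    if max_ttl < default_ttl:
        raise ValueError("max-cache-ttl caps default-cache-ttl; raise it too")
    wanted = {"default-cache-ttl": default_ttl, "max-cache-ttl": max_ttl}
    out, seen = [], set()
    for line in conf_text.splitlines():
        fields = line.split()
        name = fields[0] if fields else ""
        if name in wanted:                 # exact option name, active lines only
            if name not in seen:           # rewrite the first occurrence
                out.append(f"{name} {wanted[name]}")
                seen.add(name)
            continue                       # drop later duplicates
        out.append(line)                   # comments and other options untouched
    for name, value in wanted.items():
        if name not in seen:               # option was absent: append it
            out.append(f"{name} {value}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # 8 hours sliding window, 12 hours hard limit (constructed values)
    print(set_cache_ttl(SAMPLE_CONF, 28800, 43200), end="")
```

After writing the result back to gpg-agent.conf in the GnuPG home directory, `gpgconf --reload gpg-agent` makes the running agent pick up the new values.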

