[Enigmail] Paste passphrase from clipboard into pinentry dialogbox

Jérôme Pinguet jerome at jerome.cc
Sat Mar 28 23:47:42 CET 2015


On 03/28/2015 08:30 PM, Daniel Kahn Gillmor wrote:
> [so much for following up on gpg-devel; i'm replying to enigmail because
> that's where this message went, even though i don't understand the
> reason to keep this non-enigmail discussion here]
>
> On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote:
>> Finally, someone else already posted the right answer, a tool like 
>> Keepass can auto-type the password, bypassing the clipboard. It's also 
>> thought to be safe against key loggers, although there is some dispute 
>> on that topic.
> I quite like the Keepass approach.
>
> But it's not clear to me that this will work, at least for the versions
> of pinentry i've seen that grab the input devices (i'm seeing this on
> X11, at any rate).  In this case, I don't think there is a way to
> trigger keepass to get it to type into the pinentry dialog.
>
> What platforms as this approach been tested on?
Debian Stable, KeePass2, pinentry-gtk-2 and pinentry-qt4 both work, and
are both a bit slow (it might take up to 30 seconds !!! for the pinentry
dialog to be accepted, but my password is not insanely long, it's in the
20-40 chars range). I tested it with both GnuPG 1.4.x and 2.0.x

In fact I use this on a daily basis combined with Enigmail. Sometimes,
for reasons beyond my grasp, pinentry complains of a wrong password.
When it happens, i restart keepass2 and then it works again. KeePass2
comes with tons of Mono packages and it's a bit sluggish, but I haven't
found anything as reliable yet in the limited offer of Debian packaged
free software password managers.

If the KeePass2-pinentry process was faster, it would be perfect.

By the way Daniel, thanks for your GPG best practices page and more
generally for your work related to GPG, Riseup and Debian! :-) I often
refer to Riseup GPG Best practices during the cryptoparties I organize
in Marseille.

Here is the link:
https://help.riseup.net/en/security/message-security/openpgp/best-practices

Jérôme

-- 
OpenPGP / GPG key: 0x14B7E62420E51038
I encrypt emails with GPG, Thunderbird & Enigmail.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20150328/966e86df/attachment.sig>


More information about the enigmail-users mailing list