• agent/call-pinentry.c (estimate_passphrase_quality): Call external program to evaluate passphrase if requested.
• agent/agent.h (struct opt): New field passphrase_quality_checker.
• agent/gpg-agent.c (oPassphraseChecker): New const.

(opts): New option --passphrase-checker.

(parse_rereadable_options): Handle the new option.

This is a proposal to allow deferring the evaluation of a
passphrase's quality to an external program. The program is
expected to accept the passphrase to its standard input and
to write the quality value on its standard output (this is
the behavior of the pwscore program, part of the libpwquality
project).

GnuPG-bug-id: 2103
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Install pwscore (libpwquality-tools in Debian) and run the following commands:

GNUPGHOME=$(mktemp -d /tmp/gnupg.XXXXXX)
export GNUPGHOME
gpg-agent --daemon --passphrase-checker /usr/bin/pwscore --pinentry-program /usr/bin/pinentry-gtk-2
gpg2 --quick-gen-key 'Alice <alice@example.org>'

When pinentry prompts for the new passphrase, check that for a given passphrase, the quality indicator gives the same value than the one returned by pwscore for the same passphrase.

Redo without the --passphrase-checker option and check that the quality indicator behaves as usual (10% per character).