Page MenuHome GnuPG
Create Task
Maniphest T1951

gpg-agent needs an API to verify a passphrase
Closed, ResolvedPublic
Actions

Description

In some cases, an application wants to verify that a specific passphrase is
correct without doing an explicit cryptographic operation.

For example, during login for mailpile, or a hypothetical libpam-gpg-agent.

Exposing an API that looks something like:

bool isPassphraseCorrect(key_fingerprint, passphrase)

should be sufficient.

Details

Version
2.1

Related Objects

Event Timeline

dkg added projects: Feature Request, gnupg.Apr 18 2015, 10:41 AM
dkg set Version to 2.1.
dkg added a subscriber: dkg.
dkg added a project: gpgagent.Apr 18 2015, 11:30 AM
neal added a subscriber: neal.Jun 12 2015, 4:01 PM

Hi dkg,

On the mailing list and in T1928, we discussed
why it shouldn't be possible for a program to pass the passphrase to gpg agent.
This feature request is at odds with the conclusion drawn there. Should this
issue be closed as WONTFIX?

Thanks,

:) Neal

dkg added a comment.Jun 12 2015, 6:34 PM

Hm, you make a good point about this being undesirable in the general case --
access to a normal gpg-agent shouldn't provide an attacker with a way to guess
passwords silently.

However, consider the mailpile case -- where gpg-agent is running on the
webserver, and the login webpage wants to verify a given user based on the
password for the user's secret key (and wants to avoid keeping some extra
/etc/shadow-equivalent file lying around).

Maybe such an application would start gpg-agent in a different/simpler mode? Or
should we recommend that such an application test the provided passphrase in
some other way, without using gpg-agent at all?

werner added a subscriber: werner.Jun 23 2015, 11:44 AM

Why not doing a dummy signing then?

dkg added a comment.Jun 23 2015, 3:02 PM

We can already do a dummy signature, but it feels sloppy for several reasons:

  • it's not clear exactly what to sign with a dummy signature -- should you sign

static text or a dynamic (random) block?

  • it's not clear what to do with the signatures after creation. It's

concievable that a dummy signature could be abused/misused if the material being
signed turns out to have some other meaning.

  • gpg-agent can be configured to log to an append-only file as a means of

monitoring what signatures have ever been made by a given key. Dummy signatures
introduce spurious signing events that are indistinguishable from real
signatures in this log

  • the creation of arbitrary signatures takes more time than testing passphrase

and returning feedback.

werner added a comment.Jun 29 2015, 12:55 PM

Done with commit 9bca96d. Here is how to use it:

  $ gpg-connect-agent 
  > passwd --verify 2C1103C5C84AAD061B5E3221C048A93D878F7EEE
  OK
  > passwd --verify 2C1103C5C84AAD061B5E3221C048A93D878F7EEE
  ERR 83886179 Operation cancelled <Pinentry>
  > passwd --verify 2C1103C5C84AAD061B5E3221C048A93D878F7EEE
  ERR 67108875 Bad passphrase <GPG Agent>

For the OK I entered the correct passpharse, for the bad passpharse I entered a
bad passphrase three times in a row.

werner added a project: Restricted Project.Jun 29 2015, 12:57 PM
werner closed this task as Resolved.Sep 21 2015, 8:51 AM
werner claimed this task.
werner removed a project: Restricted Project.