
Implement --pinentry-mode loopback --passphrase-fd 9 also for gpgsm
Closed, Resolved, Public

Description

Implementing pinentry-mode loopback and the corresponding passphrase options not
only in gpg2, but also in gpgsm, would solve most of my problems with using gpgsm
in a special environment.

Details

Version
2.1.3

Event Timeline

perske set Version to 2.1.3.
perske added a subscriber: perske.
perske added a project: Bug Report.

Background information:

With GnuPG 2.1, my webmailer no longer works.

In principle, I use the following procedure, e.g. for signing an e-mail:

  1. My GnuPG 2.0 is compiled with the option

--with-pinentry-pgm=/path/to/pinentrywrapper

  2. The user enters text and passphrase into the HTML form.
  3. I encrypt the passphrase with symmetric cryptography.
  4. I set the environment variable PINENTRY_USER_DATA to the encrypted password
     (see also T799).
  5. I set the environment variable GPG_TTY to "PINENTRY/pinentry-permail".
  6. I also set the environment variables HOME and GNUPGHOME.
  7. I launch /path/to/gpg-agent --daemon --sh --no-allow-mark-trusted
  8. I parse the output GPG_AGENT_INFO=/path/to/socket:process_number:version_number
  9. Then I sign, encrypt, decrypt, verify or whatever the user wants by
    • putting GPG_AGENT_INFO and all other needed variables into the environment
    • starting /path/to/gpgsm with all needed options for the respective transaction
  10. Then gpgsm contacts the just started gpg-agent, which calls my
     /path/to/pinentrywrapper, which detects the "magic" GPG_TTY setting and does not
     try to start a dialog on the (non-existent) terminal or desktop, but simply
     responds with the decrypted content of PINENTRY_USER_DATA whenever a passphrase
     input is requested.
  11. Finally I kill the gpg-agent using the process_number extracted above.

This procedure no longer works with GnuPG 2.1 because I cannot start a new
agent for every transaction: gpg-agent of 2.1 uses the default socket, not a new
one, and does not write its process_number into GPG_AGENT_INFO, and, most
importantly, gpgsm disregards GPG_AGENT_INFO, so that I cannot tell gpgsm which
running gpg-agent to contact. (There can be multiple transactions at the same
time; I trust gpg-agent to properly lock files where necessary.)

As long as there is no way of passing the entered passphrase from my webmailer
to gpg-agent in any other way than by writing it into the environment when
starting gpg-agent and using a special pinentry that reads this environment, I
have to start a new gpg-agent for every transaction because different
transactions may need different passphrases.

That, of course, is only an ugly, ugly circumvention of a limitation of gpgsm.

gpg2 knows the options --pinentry-mode loopback and --passphrase-fd file_number, and
gpg-agent offers all support for using these options. Only gpgsm does not
support them.

If gpgsm also offered these options, the whole hack with a magic GPG_TTY,
with the encrypted PINENTRY_USER_DATA, with using a pinentry wrapper, and with
using special options when compiling GnuPG 2.0 would be completely unnecessary.

So please please please copy the code that implements --pinentry-mode loopback
--passphrase-fd file_number from gpg2 to gpgsm.

Thank you very much!
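The mechanism the ticket asks for, as an added example that is not part of this thread and not GnuPG's own code: a Python helper that hands a passphrase to a child process over an inherited pipe, which is what `--passphrase-fd` consumes, so the secret never appears in the child's argv (visible to every user via ps) or in its environment. `gpgsm_argv` assumes gpgsm takes the same `--batch --pinentry-mode loopback --passphrase-fd` options that gpg does; `stand_in_argv` is a constructed test double that reads the descriptor and echoes it, so the block runs without gpgsm installed. The descriptor number is whatever the pipe's read end happens to be; the 9 in the ticket title is just one arbitrary choice.

```python
"""Hand a passphrase to a child over an inherited pipe, the mechanism behind
gpg's --passphrase-fd, instead of argv or the environment.  Added example;
not GnuPG code."""
import os
import subprocess
import sys


def gpgsm_argv(fd, *gpgsm_args):
    """Command line for the loopback flow requested in the ticket.

    `fd` is the descriptor number the child will see.  That gpgsm accepts
    the same --batch/--pinentry-mode/--passphrase-fd options as gpg is an
    assumption made for this example."""
    return ["gpgsm", "--batch", "--pinentry-mode", "loopback",
            "--passphrase-fd", str(fd), *gpgsm_args]


def run_with_passphrase_fd(make_argv, passphrase, stdin_data=b""):
    """Run make_argv(fd) with one line, the passphrase, readable on `fd`.

    The pipe's read end is inherited under its own number (pass_fds keeps
    the number stable), the write end stays private to the parent, and the
    secret never appears in argv or the environment.  Returns (rc, stdout)."""
    read_end, write_end = os.pipe()
    try:
        proc = subprocess.Popen(make_argv(read_end),
                                stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
                                pass_fds=(read_end,))
    except Exception:
        os.close(write_end)
        raise
    finally:
        os.close(read_end)  # the child holds its own copy now
    # Feed the secret first: one line, then EOF, so a reader that consumes
    # the whole descriptor still terminates.
    with os.fdopen(write_end, "wb") as w:
        w.write(passphrase.encode() + b"\n")
    out, _ = proc.communicate(stdin_data)
    return proc.returncode, out


def stand_in_argv(fd):
    """Constructed test double for gpgsm so the example runs offline: reads
    the first line from `fd` and echoes it with whatever arrived on stdin."""
    code = (
        "import os, sys\n"
        "fd = int(sys.argv[1])\n"
        "line = b''\n"
        "while True:\n"
        "    c = os.read(fd, 1)\n"
        "    if not c or c == b'\\n':\n"
        "        break\n"
        "    line += c\n"
        "sys.stdout.buffer.write(b'pw=' + line + b';in=' + sys.stdin.buffer.read())\n"
    )
    return [sys.executable, "-c", code, str(fd)]


if __name__ == "__main__":
    rc, out = run_with_passphrase_fd(stand_in_argv, "s3cret", b"hello")
    print(rc, out)  # the stand-in saw the passphrase on its private descriptor
    print(" ".join(gpgsm_argv(9, "--armor", "--sign")))  # no secret in argv
```

Because the parent closes its copy of the read end right after the fork and never puts the write end in `pass_fds`, only the intended child can read the line; a second transaction running concurrently gets its own pipe, which is the per-transaction isolation the ticket is trying to get without spawning one gpg-agent per request.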

Okay, that can be done. It won't be in 2.1, though.

justus claimed this task.

Fixed in eea139c.