Page MenuHome GnuPG
Create Task
Maniphest T2014

pinentry offers to save symmetric passwords in libsecret
Open, WishlistPublic
Actions

Description

Currently, pinentry offers to save passwords for symmetric encryption keys.
This is because symmetric keys have a valid cache id (thus gpg-agent calls
SETKEYINFO on a pinentry).

A major issue with this, according to Werner, is that unlike public key crypto,
people are using symmetric encryption because they don't want to leave any
traces on the disk about the encryption.

Note: that saving passwords in an external password manager is defined to be
opt-in so security conscious users are unlikely to save the password.

In gpg 2.0, this is not easy to fix: both symmetric keys and public keys are
cache mode CACHE_MODE_USER. In 2.1, public keys are CACHE_MODE_NORMAL. As
such, in 2.1, we could not call SETKEYINFO for keys with CACHE_MODE_USER.

Event Timeline

neal added projects: gnupg, Bug Report.Jun 16 2015, 4:34 PM
neal added a subscriber: neal.
werner added a subscriber: werner.Jan 15 2016, 4:41 PM

I changed this to a wish because it it questionable whether this is a bug or a
feature of libsecret.

werner lowered the priority of this task from Normal to Wishlist.Jan 15 2016, 4:41 PM
werner removed a project: Bug Report.
werner added a project: Feature Request.