
pinentry and password managers mix poorly
Closed, Duplicate; Public

Description

pinentry prompts for my passphrase using a system-wide modal dialog, preventing me from tabbing to my password manager program to retrieve the password. The window has no title, which also prevents me from using KeePass's Auto-Type function through a global keyboard shortcut.

The only option is to cancel the window, which leads to it respawning itself. After two or three cancels it stays closed and whatever operation I was attempting fails.

From there it's possible to go to KeePass and copy the appropriate passphrase to the clipboard, re-do whatever led to the pinentry prompt and paste the passphrase into the dialog, but this is not ideal.

Better would be to make the window only application modal (rather than system-wide) and to enter operation and account-specific information into the dialog title (e.g. "Enter your GPG passphrase for some@email.com") to allow the Auto-Type function to be properly configured.

I can't figure out how to screengrab the dialog while the window is modal (PrtSc doesn't seem to work for me).

Thanks!

Ubuntu 16.10
pinentry-gnome3 0.9.7
gpg 2.1.15
libgcrypt 1.7.2-beta
enigmail 1.9.6.1
KeePass 2.34 (Dev)

Event Timeline

Macho created this object in space S1 Public.
justus triaged this task as Wishlist priority. Jun 8 2017, 2:57 PM
justus added a subscriber: justus.

Thanks for the input. You need to understand that this ("keyboard grabbing") is actually a security feature. If you don't like it, you can disable it (using the pinentry option --no-global-grab), or you can switch to a pinentry without that feature (e.g. the qt one).

We can try to improve interoperability though, e.g. by giving the dialog a title.

This issue prevents a user from accessing any other window on their system while the pinentry prompt is up. This issue is different than T2145. This issue is explicitly about the system-wide nature of the modal. The other issue is about auto-typing from a password manager.

When a user generates a new key, the pinentry prompt comes up asking for a passphrase. Some users will generate strong random passwords that are stored in a password manager. This issue prevents users from doing that and instead forces them to produce a password manually which they can remember. As I am sure you know, these memorable passwords are generally less secure than their long random counterparts.

Thanks