
Pinentry should not prevent the use of password managers by default (in the name of security, no less)
Status: Closed, Wontfix (Public)

Description

Currently pinentry-gtk2 (don't know about the -qt version), by default, grabs the keyboard and mouse, preventing the user from accessing a password manager.

I can see how that could be a security feature, but there's a difference between preventing another window from popping into focus in the middle of entering a secret and preventing the user from doing ANYTHING other than typing in the pinentry window. If the user can't type in the secret, this feature effectively forces whatever operation caused pinentry to be invoked to fail, the consequences of which could range from none to catastrophic.

Now, I realize the -g/--no-global-grab option exists, but I couldn't find a way to enable it globally and pinentry, once invoked, doesn't offer a way to disable it either.

This bug report is not about the validity of the keyboard/mouse grabbing concept, but about the global default and/or the ability to change the setting globally, or in the pinentry window.

Details

Version
1.1.0

Event Timeline

aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

I (as the maintainer of pinentry-qt) fully agree with your sentiment. I changed it in pinentry-qt (since version 1.0.0) so that the keyboard input is only grabbed (which is a security feature) when the input focus is on the passphrase entry as I found it very annoying myself.

We discussed this on the mailing list and there were arguments that the global grab prevents users from accidentally inputting their passphrase somewhere else, e.g. a chat. I disagreed with that and we agreed to disagree, with the result that we give users the choice between our flavors, which behave differently.

So the solution to your problem is: Use pinentry-qt please :-)

Thanks for the quick reply @aheinecke.

OK, fine, let the default be stupid. But what about letting the user choose? pinentry-gtk2 could read a config file in /etc, or ~, or ~/.config, or wherever, right? Or a gconftool setting? Or an environment variable? I don't care, as long as I get a choice. It could even be a clickable widget in the pinentry window.

I don't see how one could argue against letting the user choose.

Switching to the qt variant does not only change this setting. It forces the user to install qt and use an application that may not fit with their otherwise gtk-based desktop.