Page MenuHome GnuPG
Create Task
Maniphest T4348

When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect
Closed, ResolvedPublic
Actions

Description

For some reason (say, a bug in gnome-keyring-daemon), it happens that invalid entry is recorded in gnome-keyring-daemon.

Once it's there, gpg-agent keep failing to unprotect key using invalid cached passphrase.

For such a case, gpg-agent should ask pinentry to clear the cache, and pinentry should ask the external cache service (libsecret) to clear the cache.

Or else, creating invalid entry (say, using gpg-keyring-daemon's vulnerability) would be a kind of DoS for use of private key.

Revisions and Commits

rG GnuPG
rG9109bb9919f8 agent: Clear bogus pinentry cache, when it causes an error.
rG02a2633a7f0b agent: Clear bogus pinentry cache, when it causes an error.

Related Objects
Search...

Event Timeline

gniibe created this task.Jan 26 2019, 2:46 PM
gniibe added a comment.Jan 28 2019, 4:51 AM

Confirmed that manually created entry in gnome-keyring-daemon causes trouble.

gniibe added a comment.Jan 28 2019, 4:55 AM

When bogus entry is "", the error is GPG_ERR_NO_PASSPHRASE, and user cannot input the passphrase.

When the entry is wrong text (length >= 1), the error is GPG_ERR_BAD_PASSPHRASE, and user can input correct passphrase, because it allows three times of input.

gniibe added a commit: rG02a2633a7f0b: agent: Clear bogus pinentry cache, when it causes an error..Jan 28 2019, 5:04 AM
gniibe added a commit: rG9109bb9919f8: agent: Clear bogus pinentry cache, when it causes an error..Feb 6 2019, 9:31 AM
werner mentioned this in T4290: Release GnuPG 2.2.13.Feb 12 2019, 6:59 PM
gniibe closed this task as Resolved.Feb 19 2019, 2:45 AM