When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect
Closed, ResolvedPublic

Description

For some reason (say, a bug in gnome-keyring-daemon), it happens that invalid entry is recorded in gnome-keyring-daemon.

Once it's there, gpg-agent keep failing to unprotect key using invalid cached passphrase.

For such a case, gpg-agent should ask pinentry to clear the cache, and pinentry should ask the external cache service (libsecret) to clear the cache.

Or else, creating invalid entry (say, using gpg-keyring-daemon's vulnerability) would be a kind of DoS for use of private key.

gniibe created this task.Jan 26 2019, 2:46 PM

Confirmed that manually created entry in gnome-keyring-daemon causes trouble.

When bogus entry is "", the error is GPG_ERR_NO_PASSPHRASE, and user cannot input the passphrase.

When the entry is wrong text (length >= 1), the error is GPG_ERR_BAD_PASSPHRASE, and user can input correct passphrase, because it allows three times of input.

gniibe closed this task as Resolved.Feb 19 2019, 2:45 AM