pinentry-curses reveals pin
Open, Normal, Public

Description

Hey guys,

I ran into a strange edge case on macOS Mojave 10.14.6, GnuPG 2.2.17 and Git 2.21.0 (Apple Git-122).

If a YubiKey is used to store private keys and pinentry-curses is used to enter the pin, everything works fine (a pin is prompted for and replaced by asterisks as it is typed) when a git push is initiated from iTerm2 (build 3.3.6).

But if a git push is initiated in Visual Studio Code (version 1.36.1) or Tower (version 2.6.6, build 359), pinentry-curses reveals the pin as it is typed (see attachment).

Perhaps I am doing something wrong? Feels like a big deal from an opsec perspective.

How can I fix this?

Thanks,

Sun

Details

Version
gpg (GnuPG) 2.2.17
werner triaged this task as Normal priority. Oct 29 2019, 10:26 AM
werner added projects: pinentry, MacOS.
werner added a subscriber: werner.

Then better do not use a curses pinentry. It can't guarantee that another process changes the tty properties. For security reasons it is better to run the pinentry in a different window (ie. a GUI based pinentry).
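Werner's advice above in script form, as an added example that is not code from this thread or from GnuPG: it reads an `stty -a` dump to report whether the tty's ECHO flag is on (the state in which a curses pinentry would show the PIN as typed) and points gpg-agent at a GUI pinentry through the `pinentry-program` option. The pinentry-mac path and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the GnuPG thread. Two helpers for the advice above:
#  1. echo_flag_from_stty: read an `stty -a` dump and report whether the ECHO
#     flag is on ("echo") or off ("-echo"); a curses pinentry whose tty has ECHO
#     turned back on by another process shows the PIN as typed.
#  2. set_pinentry_program: point gpg-agent at a GUI pinentry instead.
# Assumption: pinentry-mac is installed at PINENTRY_GUI (adjust the path).

PINENTRY_GUI="${PINENTRY_GUI:-/usr/local/bin/pinentry-mac}"

# $1: text as produced by `stty -a` (macOS and Linux both list "echo"/"-echo").
# Prints "echo", "-echo", or nothing if the flag is absent from the dump.
echo_flag_from_stty() {
  printf '%s\n' "$1" | tr ' ;\t' '\n\n\n' | grep -x -- '-\{0,1\}echo' | head -n 1
}

# $1: GnuPG home directory, $2: pinentry binary. Rewrites any existing
# pinentry-program line so the option is set exactly once, with 0600 perms.
set_pinentry_program() {
  conf="$1/gpg-agent.conf"
  mkdir -p "$1" && chmod 700 "$1"
  if [ -f "$conf" ]; then
    grep -v '^pinentry-program ' "$conf" > "$conf.tmp" || true
  else
    : > "$conf.tmp"
  fi
  printf 'pinentry-program %s\n' "$2" >> "$conf.tmp"
  mv "$conf.tmp" "$conf" && chmod 600 "$conf"
}

# Usage: `sh pinentry-fix.sh apply` (script name assumed) checks the current
# tty and switches the agent; without the argument it only defines the functions.
if [ "${1:-}" = "apply" ]; then
  echo "tty ECHO flag now: $(echo_flag_from_stty "$(stty -a 2>/dev/null || true)")"
  set_pinentry_program "${GNUPGHOME:-$HOME/.gnupg}" "$PINENTRY_GUI"
  # gpg-agent reads its config at start; kill it so the next gpg call respawns it.
  gpgconf --kill gpg-agent
fi
```

The ECHO check only describes the tty at the moment it runs; it cannot rule out a later change by another process, which is exactly why the GUI pinentry is the durable fix.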

Thanks for the follow-up Werner.

It can't guarantee that another process changes the tty properties.

Can you please elaborate a tiny bit on that so I know what to dig for?

For security reasons it is better to run the pinentry in a different window (ie. a GUI based pinentry).

Why so? I guess you are referring to pinentry-mac. Are there others that you recommend?

Thanks!