pinentry: pinentry-curses doesn't allow to set no password on small terminals
Open, NormalPublic

Description

Debian Buster
pinentry-curses 1.1.0
gnupg 2.2.12

I want to generate a key pair without password protection with pinentry-curses.
It doesn't work: I get into a loop reasking me for a password.
If I use a graphical pinentry it works.

Editing a key pair to remove the password, also doesn't work.

Details

Version
1.1.0
ludwig created this task.Apr 22 2020, 2:56 PM
werner added a subscriber: werner.Apr 23 2020, 2:52 PM

I just tried and Pinentry ask me whether I really want to use an unprotected key. Take care that you hit the right button.

Perhaps I explain the steps, I'm doing.
I'm on a minimal debian buster instance.

  1. gpg2 --full-gen-key
  2. Insert stuff.
  3. See Dialog:

Real name: Test1 Tester
Email address: test1@example.com
Comment: no pw
You selected this USER-ID:

"Test1 Tester (no pw) <test1@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
-> Insert O

  1. See dialog: ┌──────────────────────────────────────────────────────┐ │ Please enter the passphrase to │ │ protect your new key │ │ │ │ Passphrase: ________________________________________ │ │ │ │ <OK> <Cancel> │ └──────────────────────────────────────────────────────┘
  1. Press TAB -> <OK> is highlighted.
  2. Press Return.

> I expect it to ask me, if I don't want protection, but after 0.5 sec the dialog:

┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to                                                                                                        │
│ protect your new key                                                                                                                         │
│                                                                                                                                                                   │
│ Passphrase: ________________________________________                                                           │
│                                                                                                                                                                    │
│       <OK>                              <Cancel>                                                                                                │
└──────────────────────────────────────────────────────┘

reappeared.

And yes: If I install pinentry-gtk2 and follow the steps, it works as excepted.

I'm not sure, if the dialog comes from pinentry-curses or is some kind of gnupg on-board dialog. But it seems,
that this dialog doesn't work as excepted.

It is the pinentry-curses, which is needed to reproduce the problem.
Using tab and Return to navigate the dialog.
After pressing ok, the password question dialog reappears. I tried 20 times to press ok, every time the password question dialog reappeared.
If I press cancel, the process aborts. So I'm sure, I hit the right button.

I debugged some more.

The problem is triggered if the terminal is 80x25.
After pressing ok in the pinentry-curses dialog, I see:
DBG: error calling pinentry: Screen or window too small <Pinentry>

If I enlarge the console size to: 115x25 with the same setup, I see the

You have not entered a passphrase - this is in general a bad idea!
Please confirm that you do not want to have any protection on your key.

dialog, like excepted.

aheinecke triaged this task as Normal priority.May 8 2020, 12:32 PM
aheinecke assigned this task to werner.
aheinecke added a subscriber: aheinecke.

I can reproduce this.

DISPLAY= gpg --yes --homedir $(mktemp -d) --quick-gen-key foo@bar.baz

@werner Do you think that pinentry-curses should be fixed to avoid GPG_ERR_WINDOW_TOO_SMALL by adding line breaks or do you think gpg-agent should handle this better and error out instead of looping.

I think gpg-agent should just abort in that case and print the window too small error.

aheinecke renamed this task from pinentry doesn't allow to set no password to pinentry: pinentry-curses doesn't allow to set no password on small terminals.May 8 2020, 12:32 PM

@aheinecke thanks for commenting.

IMO it should be fixed, because some terminal width cannot easily be changed, so it should work
at least down to 60 characters of width, I'd say. (Of course it is fine to fail if it is getting ridicouosly small, like 10 chars . :) )