Page MenuHome GnuPG

Improvements for symmetric encryption
Open, NormalPublic

Description

For symmetric encryption pinentry should have the option to generate a passphrase.

This action is already implemented but currently commented out in pinentrydialog.cpp:195

I had commented it out because it was ugly in so far that it just showed a long string and there was no formatting. I think we need to brake this up at least into 4 Character parts and then split them somehow. If we format it, e.g. Uppercase and then split with dashes we would also need some kind of formatted input way to avoid that users either drop the dashes or insert them.

We cannot provide a real grouping because the size of the passphrase is configuration dependendent. But I think we could add a "formatted passphrase" checkbox. That we could also read from a configuration or a registry string to make it the only way to input a password in some deployments. In this mode we could input the dashes by ourself and uppercase the password and also only allow zbase32 characters.

Event Timeline

aheinecke triaged this task as Normal priority.Jul 1 2021, 10:15 AM
aheinecke created this task.
aheinecke added projects: Restricted Project, pinentry.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Tue, Jul 6, 9:11 AM

For formatting there are four modes: Formatting forced off (the default)/force on/on/off. The latter two modes allow the user to change the option.

Pinentry after start with "forced on" mode:

Pinentry after start with "off" mode:

Pinentry after generating passphrase (automatically makes passphrase visible, selects passphrase for copying and enables formatting):

Pinentry after generating passphrase and then hiding it (the main point here is that the hidden passphrase is not formatted):