Page MenuHome GnuPG
Create Task
Maniphest T5517

Improvements for symmetric encryption
Closed, ResolvedPublic
Actions

Description

For symmetric encryption pinentry should have the option to generate a passphrase.

This action is already implemented but currently commented out in pinentrydialog.cpp:195

I had commented it out because it was ugly in so far that it just showed a long string and there was no formatting. I think we need to brake this up at least into 4 Character parts and then split them somehow. If we format it, e.g. Uppercase and then split with dashes we would also need some kind of formatted input way to avoid that users either drop the dashes or insert them.

We cannot provide a real grouping because the size of the passphrase is configuration dependendent. But I think we could add a "formatted passphrase" checkbox. That we could also read from a configuration or a registry string to make it the only way to input a password in some deployments. In this mode we could input the dashes by ourself and uppercase the password and also only allow zbase32 characters.

Revisions and Commits

rG GnuPG
rGc6a4a660fdb9 agent: New option --check-sym-passphrase-pattern.
rG32fbdddf8b47 agent: New option --pinentry-formatted-passphrase
rG9832566e4512 agent: Add checkpin inquiry for pinentry
rG7c45a69eb988 agent: New option --check-sym-passphrase-pattern.
rG99601778f4a9 agent: Make --pinentry-formatted-passphrase a simple flag
rG5976d293ef9b agent: Add checkpin inquiry for pinentry
rGbf20a80f6844 agent: New option --pinentry-formatted-passphrase
rP Pinentry
rP082abf916e06 doc: Change group size for passphrase formatting to five
rP5a6d70cf7d7b qt: Change group size for passphrase formatting to 5
rPd285c2cb1f61 qt: Make sure the message box is centered on top of the pinentry
rPe0b4e552638e qt: Always make passphrase visible after generating it
rP1349fb7bcb5c qt: Change calculation of end of selection when enabling formatting
rP06190adba5ac qt: Remove checkbox for passphrase formatting
rP1ae88d753218 qt: Fix calculation of end of selection when disabling formatting
rPc42c6371fcf8 Make passphrase formatting a simple flag
rP990afda6a9a1 qt: Add missing header files to sources
rPf622321df5bb qt: Cancel timeout on more user interactions
rP6191d4f06c8b qt: Ensure that malloced strings are free'd
rPfefd730651b6 qt: Improve message shown if passphrase does not satisfy constraints
rPb0969ef692ac qt: Check passphrase constraints before accepting passphrase
rP8f5d4532fbd6 Add support for passphrase constraints options and checkpin inquiry
rPdeb97f3eb65f Add support for formatted passphrase options
rPde7024156777 qt: Support passphrase formatting
rP8ad23d6f18ce qt: Copy passphrase without separators to clipboard
rP85b180f1b014 qt: Show hint if passphrase is shown and formatting is enabled
rP5a5a4de1a32e qt: Select passphrase after generation
rP742462d8a4d1 qt: Enable passphrase generation
rPd875dba1cf87 qt: Keep selection when enabling/disabling passphrase formatting
rP64695a5e6f7b qt: Enable formatted passphrase after generating passphrase
rP456d81a82da1 doc: Document the passphrase generation
rP621500c87258 Fix Assuan commands mentioned in comments

Related Objects
Search...

Event Timeline

aheinecke triaged this task as Normal priority.Jul 1 2021, 10:15 AM
aheinecke created this task.
aheinecke added projects: Restricted Project, pinentry.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 6 2021, 9:11 AM
ikloecker added a comment.Jul 19 2021, 10:36 AM

For formatting there are four modes: Formatting forced off (the default)/force on/on/off. The latter two modes allow the user to change the option.

Pinentry after start with "forced on" mode:

Pinentry after start with "off" mode:

Pinentry after generating passphrase (automatically makes passphrase visible, selects passphrase for copying and enables formatting):

Pinentry after generating passphrase and then hiding it (the main point here is that the hidden passphrase is not formatted):

ikloecker added a commit: rP621500c87258: Fix Assuan commands mentioned in comments.Jul 21 2021, 5:24 PM
ikloecker added a commit: rP456d81a82da1: doc: Document the passphrase generation.
ikloecker added a commit: rPd875dba1cf87: qt: Keep selection when enabling/disabling passphrase formatting.
ikloecker added a commit: rP64695a5e6f7b: qt: Enable formatted passphrase after generating passphrase.
ikloecker added a commit: rP5a5a4de1a32e: qt: Select passphrase after generation.
ikloecker added a commit: rP85b180f1b014: qt: Show hint if passphrase is shown and formatting is enabled.
ikloecker added a commit: rP742462d8a4d1: qt: Enable passphrase generation.
ikloecker added a commit: rP8ad23d6f18ce: qt: Copy passphrase without separators to clipboard.
ikloecker added a commit: rPde7024156777: qt: Support passphrase formatting.
ikloecker added a commit: rPdeb97f3eb65f: Add support for formatted passphrase options.
ikloecker added a commit: rP8f5d4532fbd6: Add support for passphrase constraints options and checkpin inquiry.Jul 28 2021, 4:00 PM
ikloecker added a commit: rPb0969ef692ac: qt: Check passphrase constraints before accepting passphrase.
ikloecker added a commit: rPf622321df5bb: qt: Cancel timeout on more user interactions.Aug 2 2021, 12:32 PM
ikloecker added a commit: rP6191d4f06c8b: qt: Ensure that malloced strings are free'd.
ikloecker added a commit: rPfefd730651b6: qt: Improve message shown if passphrase does not satisfy constraints.
ikloecker changed the task status from Open to Testing.Aug 2 2021, 5:41 PM
ikloecker reassigned this task from ikloecker to aheinecke.
ikloecker closed subtask T5532: pinentry: Add support for checking passphrase constraints to pinentry-qt as Resolved.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.
werner added a commit: rGbf20a80f6844: agent: New option --pinentry-formatted-passphrase.Aug 10 2021, 12:18 PM
werner added a commit: rG5976d293ef9b: agent: Add checkpin inquiry for pinentry.
ikloecker added a commit: rP990afda6a9a1: qt: Add missing header files to sources.Aug 11 2021, 5:44 PM
ikloecker claimed this task.Aug 12 2021, 10:01 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rG99601778f4a9: agent: Make --pinentry-formatted-passphrase a simple flag.Aug 12 2021, 3:33 PM
ikloecker added a commit: rPc42c6371fcf8: Make passphrase formatting a simple flag.Aug 12 2021, 4:16 PM
ikloecker added a commit: rP1ae88d753218: qt: Fix calculation of end of selection when disabling formatting.
ikloecker added a commit: rP06190adba5ac: qt: Remove checkbox for passphrase formatting.
ikloecker added a commit: rP1349fb7bcb5c: qt: Change calculation of end of selection when enabling formatting.
ikloecker added a commit: rPe0b4e552638e: qt: Always make passphrase visible after generating it.
ikloecker reassigned this task from ikloecker to aheinecke.Aug 12 2021, 4:17 PM
ikloecker closed subtask T5553: pinentry-qt: Simplify formatted passphrase feature as Resolved.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
werner added a commit: rG7c45a69eb988: agent: New option --check-sym-passphrase-pattern..Aug 13 2021, 2:10 PM
ikloecker added a commit: rPd285c2cb1f61: qt: Make sure the message box is centered on top of the pinentry.Aug 16 2021, 11:00 AM
werner added a commit: rG32fbdddf8b47: agent: New option --pinentry-formatted-passphrase.Aug 17 2021, 11:05 AM
werner added a commit: rG9832566e4512: agent: Add checkpin inquiry for pinentry.
werner added a commit: rGc6a4a660fdb9: agent: New option --check-sym-passphrase-pattern..
ikloecker added a commit: rP5a6d70cf7d7b: qt: Change group size for passphrase formatting to 5.Aug 18 2021, 10:10 AM
ikloecker added a commit: rP082abf916e06: doc: Change group size for passphrase formatting to five.Aug 18 2021, 10:14 AM
werner mentioned this in T5405: Release GnuPG 2.3.2.Aug 24 2021, 7:55 PM
werner closed this task as Resolved.Aug 24 2021, 8:01 PM
werner mentioned this in T5566: Release Pinentry 1.2.x.Aug 25 2021, 2:34 PM
werner mentioned this in T5519: Release GnuPG 2.2.30.Aug 26 2021, 9:26 PM
ikloecker mentioned this in T6085: pinentry-qt: Earlier passphrase hint when creating new key.Jul 15 2022, 1:00 PM
ikloecker mentioned this in T5160: Pinentry: Improved generate support.Aug 24 2022, 9:14 PM
ikloecker mentioned this in T4405: Pinentry: Offer to generate a password.Aug 24 2022, 9:23 PM