Page MenuHome GnuPG
Create Task
Maniphest T8055

pinentry-tty: Correct/Cancel/Wrong - what does "C" select?
Closed, ResolvedPublic
Actions

Description

Good morning,

this was reported as https://bugs.debian.org/1126259 by Daniel Haryo Sugondo against gpgsm 2.4.7:

The following situation occurs:
$ gpgsm --list-chain --with-validation
...
Do you ultimately trust

"CN=HARICA Client RSA Root CA 2021
 O=Hellenic Academic and Research Institutions CA
 C=GR"

to correctly certify user certificates?

Yes
Cancel
No

[ycn]? y
Please verify that the certificate identified as:

"CN=HARICA Client RSA Root CA 2021
 O=Hellenic Academic and Research Institutions CA
 C=GR"

has the fingerprint:

46:C6:90:0A:77:3A:B6:BC:F4:65:AD:AC:FC:E3:F7:07:00:6E:DE:6E
Correct
Cancel
Wrong

[ccw]? c
...

There are 2 identical [c], I'm not sure if this intended as correct or
cancel. With pinentry-curses you can choose by moving your marking, but on
pinentry-tty it's not possible.

Edit the file .gnupg/trustlist.txt by hand resolves the problem, but it's not
the point, to use gpgsm.

Revisions and Commits

rG GnuPG
rGeba28eeaa1b1 agent: Add accelerator keys for "Wrong" and "Correct".

Related Objects

Event Timeline

ametzler1 created this task.Sun, Jan 25, 7:47 AM
werner added a subscriber: werner.Sun, Jan 25, 4:14 PM

We need to change the accelerator. Right now gpg-agent uses

/* TRANSLATORS: "Correct" is the label of a button and intended
to be hit if the fingerprint matches the one of the CA.  The
other button is "the default "Cancel" of the Pinentry. */
err = agent_get_confirmation (ctrl, desc, L_("Correct"), L_("Wrong"), 1);

and thus there is no explicit accelerator and the first letter is used. Shall we use "co_Rrect" instead?

werner added a comment.Sun, Jan 25, 4:37 PM

I think "O" is a better key:

to correctly certify user certificates?
  Yes
  Cancel
  No
[ycn]? y
Please verify that the certificate identified as:
  "CN=GlobalSign Root CA
   OU=Root CA
   O=GlobalSign nv-sa
   C=BE"
has the fingerprint:
  B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
  cOrrect
  Cancel
  Wrong
[ocw]? o

This will also introduce accelerator keys for the other pinentries.

werner triaged this task as Low priority.Sun, Jan 25, 4:38 PM
werner mentioned this in T7996: Release GnuPG 2.5.17 (security).Tue, Jan 27, 3:44 PM
werner closed this task as Resolved.Tue, Jan 27, 5:17 PM
werner claimed this task.
werner added a commit: rGeba28eeaa1b1: agent: Add accelerator keys for "Wrong" and "Correct"..Tue, Jan 27, 6:51 PM