As this task has no obvious next step I'm closing it.

Doesn't look like T4347 in that no errors show
stopping daemons and restarting kleoptra "sometimes" fixes it and pinentry windows shows, until it does all operations fail with pinentry missing
running pinentry-qt.exe I get
Please note that you don't have secure memory on this system
OK Pleased to meet you
We seem to have stopped it happening by randomly changing settings - generating blank conf files, reinstalling pgp4win but cannot pinpoint exactly what change fixes the error and because it's intermittent we may just be getting lucky

Could it be that you are running into: T4347 ? Maybe this will just be fixed for you then in the next version.

@nbriggs No this is not related if you get "no pinentry" it means pinentry is not started at all. This issue is about pinentry starting but not properly coming to the foreground. I've opened T4430 for your issue.

in I think a related scenario we are having the pinentry window not spawn at all, leading to "no pinentry" errors
Win 10 latest patches Mar 2019
Version 3.1.4-gpg4win-3.1.5
We've tried a few hacks including adding the .conf file to C:\Program Files (x86)\GnuPG\bin with
pinentry-program "C:\Program Files (x86)\Gpg4win\bin\pinentry-qt.exe"

Thanks for the confirmation. Although I still don't really know how to fix it :-(

I can also confirm this bug!

The issue for the quality indication is: T2103

FWIW I like @gouttegd 's patchset.

In T4346#122098, @werner wrote:

The quality bar is switched off by default. That feature including the quality was ordered and accepted by a client. I don't like it either and thus the new default of having it disabled is a useful solution.

thanks for the report. Yes this is a known issue. This pinentry is so basic that it does not have dynamic layout as we don't include GUI libraries in the basic installer. For a better pinentry you can install Gpg4win.
In the future we are thinking about adding a pinentry based on the small "FLTK" toolkit, with dynamic layout.

Original issue (of pinentry-curses, which should be killed by CTRL-C) is related to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry, I suppose. It is fixed in master and testing.
I don't know about the second one with pinentry-tty.

Pinentry already has a ttyalert option which may be set to beep or flash to ring the bell or flash the terminal, respectively (see commit 1dba96fafa123f3631c0a50bb01835306c23b903).

I can't tell whether this bug report is about all the ways that we wish that GnuPG's default password process was better, or whether it's about one specific change.

Regarding the quality evaluation, several months ago I proposed to optionally delegate that task to an external tool (specified by a new gpg-agent option passphrase-checker). I posted a first draft as D442 and then submitted a proper patchset to gnupg-devel, but although @werner expressed interest it was never merged. I have just checked that the patchset still applies cleanly to both the master branch and the STABLE-BRANCH-2-2. I can re-submit it to the mailing list if needed.

I have updated Pinentry’s configure script to support the --disable-doc option, as it is indeed supported in other GnuPG components.

Patch applied, thanks.

Patch applied, thanks.

The quality bar is switched off by default. That feature including the quality was ordered and accepted by a client. I don't like it either and thus the new default of having it disabled is a useful solution.

But to resolve this bug I also want to remove stuff like "ooooh you should use numbers or something like that" we have that in configuration but our default code is too dumb to be useful (afaik "password" is accepted with 90% quality). We also have a bug for the quality thingy, which I also find important because that is the first contact with our software.

Found it: T3724

No that bug is different. Nowadays you have to solve four dialogs to create a key without a passphrase.

So you mean the bug that you see a second set of passphrase dialogs iff you told the first one that you don't want a passphrase? That is not trivial to fix because we use the passphrase cache to avoid the double passpharse questions. Without passphrase cache we need a separate code path.

No! That is not what I want with this issue. We should ask once for a passphrase and then shut up.

Yeah, it is annoying. Maybe it is indeed better not to ask for a passphrase at all.

The problem only occurs with the gtk platformtheme.

BTW I am aware that Git repository does not contain many files which are prebuilt in tarballs. I am okay with that, I know the difference. I am just reporting that pinentry's configure script is missing an option, which is clearly needed and which is present in other components.

I wasn't using tarballs. I have fetched code from Git (git clone git://git.gnupg.org/pinentry).

Well, that is a detailed bug report. Thanks.

This issue prevents a user from accessing any other window on their system while the pinentry prompt is up. This issue is different than T2145. This issue is explicitly about the system-wide nature of the modal. The other issue is about auto-typing from a password manager.

@a_p3rson : Yes. I agree that I think that cepxuo meant something differently then you.

Could you say, on which platforms exactly it should work?

Yes, due it uses adwaita-qt theme.
Yes, I can start it on the command line and it works, but gives a warning.

I think the point of my request was originally missed. I will take a screen
capture of the pinentry workflow during authentication and signing tasks -
in my opinion, they should be the same. However, during signing, the window
gets display focus (Windows switches it to the active window), whereas
during authentication it does not (and has to be alt-tabbed/switched to for
pin entry).

Andre explained that we don't do that anymore on purpose. Duck and read the discussion related to this if you are intereested. A related thing is that no-grab does not work on all platforms because it was designed for standard X but nowdays toolkits have their own ideas what is right and what is wrong.

no-grab does only work on certain platforms. Thus this is no bug.

pinentry-qt giving Gtk- warnings? Very strange. Please give an example. You can start pinentry on the command line like

if you start gpg-agent in that deprecated way it sees the envvars. it will even see them if it is as suggested started on-demand by gpg. However, things are different when a gpg-agent is already running; in that case only the listed envvars are conveyed to the pinentry.

It's white due to https://dev.gnupg.org/T4144

Moreover, pinentry-qt doesn't ignore env if it runned from gpg-agent. So you are wrong about technical reason.

for comparison pinentry-qt doesn't ignore env:

"partially" means it doesn't allow to input elsewhere, but in case of focus loose input will go nowhere

At least it MUST NOT grub input with no-grab option. But it doesn't allow to input elsewhere in any case.

I don't know about gpg-agent, but pinentry-gnome3 ignores $GTK_THEME (and $GDK_SCALE) even if I run it directly:

$GTK_THEME=Adwaita:dark GDK_SCALE=2 /usr/bin/pinentry-gnome3
OK Pleased to meet you
GETPIN

I would call that a feature because it makes sure that the Pinentry always shows up the same regardless of an application selects a different theme.

We know that. And pinentry-gtk does like that.

It's possibe to do via gtk3 directly:
https://developer.gnome.org/gtk3/stable/gtk3-General.html#gtk-device-grab-add

Yes. It's up to GCR library in GNOME.

By grabbing I mean that it's not possible to input elsewhere. Same as ssh-askpass does.

By grabbing I mean that it's not possible to input elsewhere. Same as ssh-askpass does.

I confirm this bug!

Well, the counterpart in gpg-agent is missing.

By grabbing I guess you mean that the cursor / keyboard input is automatically focused on the input field? I also noticed that this sometimes does not work well.

I'm seeing this as resolved. It's a design decision by the pinentry-gtk maintainer. pinentry-qt is the default pinentry for windows and there pasting works, as you have confirmed.

Thanks. I added all standard names to that list.

@gouttegd Thank you very much!

Following in-person discussion with @werner last week, I have now added this EFL pinentry to the master branch of pinentry (commit 948105b).

Thanks for the quick reply @aheinecke.

I (as the maintainer of pinentry-qt) fully agree with your sentiment. I changed it in pinentry-qt (since version 1.0.0) so that the keyboard input is only grabbed (which is a security feature) when the input focus is on the passphrase entry as I found it very annoying myself.

Then please set DISPLAY ;-)

Just tested 1.1.0 - no difference. BTW, check references issues, they contain strace output and mention why this happens: dropped root capabilities to ignore file permissions.