It's already possible to define a short and a long hint for the constraints via the file doc/help.txt and its translations. This is a standard technique used by GnuPG for customization of several UI texts. Since the passphrase constraints can be very complex we don't try to come up with a suitable default hint.
Feed Advanced Search
Jul 15 2022
Jul 15 2022
• ikloecker added a comment to T6085: pinentry-qt: Earlier passphrase hint when creating new key.
• ikloecker renamed T6085: pinentry-qt: Earlier passphrase hint when creating new key from earlier passphrase hint when creating new key to pinentry-qt: Earlier passphrase hint when creating new key.
Jul 8 2022
Jul 8 2022
• ikloecker added a comment to T6061: pinentry-qt on wayland does not fallback to pinentry-curses.
It looks like having it set will stop fallback from working entirely? Would you say that this cannot be fixed if WAYLAND_DISPLAY is set like I do above?
quite added a comment to T6061: pinentry-qt on wayland does not fallback to pinentry-curses.
It looks like having it set will stop fallback from working entirely? Would you say that this cannot be fixed if WAYLAND_DISPLAY is set like I do above?
Jul 6 2022
Jul 6 2022
• ikloecker triaged T6061: pinentry-qt on wayland does not fallback to pinentry-curses as Low priority.
pinentry does the following to check if it's running in a GUI session:
// check a few environment variables that are usually set on X11 or Wayland sessions
const bool hasWaylandDisplay = qEnvironmentVariableIsSet("WAYLAND_DISPLAY");
const bool isWaylandSessionType = qgetenv("XDG_SESSION_TYPE") == "wayland";
const bool hasX11Display = pinentry_have_display(argc, argv);
const bool isX11SessionType = qgetenv("XDG_SESSION_TYPE") == "x11";
const bool isGUISession = hasWaylandDisplay || isWaylandSessionType || hasX11Display || isX11SessionType;i.e. it checks if a few environment variables are set or have a specific value.
Jun 23 2022
Jun 23 2022
gspr updated the task description for T6041: pinentry-qt dialog window no longer floats under Sway (fixed after 1.2.0).
gspr updated the task description for T6041: pinentry-qt dialog window no longer floats under Sway (fixed after 1.2.0).
• ikloecker updated the task description for T6041: pinentry-qt dialog window no longer floats under Sway (fixed after 1.2.0).
Jun 9 2022
Jun 9 2022
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
Backported to GnuPG 2.2.
Jun 1 2022
Jun 1 2022
I take this ticket. The way to go is removing all such cases.
May 31 2022
May 31 2022
• gniibe added a comment to T6007: coverity issues in pinentry.
Reference to a CVE for old MinGW-W64: https://nvd.nist.gov/vuln/detail/CVE-2018-1000101
https://sourceforge.net/p/mingw-w64/bugs/709/
• werner added a comment to T6007: coverity issues in pinentry.
At least old Windows versions did not add a nul in the truncation case. Thus I used to make that sure. I don't think we need it anymore.
May 30 2022
May 30 2022
Jakuje added a comment to T6007: coverity issues in pinentry.
AFAIK the above case has a lot of wiggle room to fit one PID and the surrounded string into 400 bytes and even if it would need to truncate, it would write terminating character, at least on Linux:
• ikloecker added a comment to T6007: coverity issues in pinentry.
--- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -351,7 +351,6 @@ get_pid_name_for_uid (unsigned long pid, int uid) char *uidstr;
May 27 2022
May 27 2022
May 25 2022
May 25 2022
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
Pushed the solution which doesn't require new flag for libassuan.
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
^-- I withdraw the solution (with error value) above.
May 24 2022
May 24 2022
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
Or, it would be good for client side (in this case, gpg-agent) to specify the flag in the inquiry callback, that is, it's a kind of transient flag for a single transaction.
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
Revised version with new flag ASSUAN_CLEAR_INQUIRY_DATA.
May 19 2022
May 19 2022
• gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.
For this particular issue of assuan_inquire, if it's needed, the point we should fix is:
May 18 2022
May 18 2022
• werner added a comment to T5977: Smartcard PIN stays in clear in memory.
AFAICS, we need to implement a new Assuan flag and wipe the data passed to the callback after the callback returned.
May 13 2022
May 13 2022
May 12 2022
May 12 2022
• ikloecker changed the status of T5972: Can't insert charaters in a magic-wand generated password from Open to Testing.
Editing a formatted password should work now as expected.
• ikloecker added a project to T5972: Can't insert charaters in a magic-wand generated password : Restricted Project.
• ebo reassigned T5972: Can't insert charaters in a magic-wand generated password from • ebo to • ikloecker.
• ebo added a comment to T5972: Can't insert charaters in a magic-wand generated password .
Its an issue of cursor position. If one either deletes or inputs a a character anywhere in the password string, the cursor always jumps to the end of the string.
May 11 2022
May 11 2022
• werner triaged T5972: Can't insert charaters in a magic-wand generated password as Normal priority.
Apr 29 2022
Apr 29 2022
• werner triaged T5955: pinentry-efl sends warnings to stderr, does not close windows during getpin as Normal priority.
Apr 28 2022
Apr 28 2022
Apr 4 2022
Apr 4 2022
LRitzdorf added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
On at least some small terminals (like the smartphone size I mentioned in my original comment), I can confirm that this is a true loop. When originally reporting the issue, one of the things I tested was repeatedly pressing the Enter key with an empty password field. In that test, the password prompt looped for the 20 or so times I continued to press Enter.
Apr 1 2022
Apr 1 2022
• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
I experimented a bit. The problem is the size of button texts of the confirmation dialog, i.e. of "Yes, protection is not needed" and "Enter new passphrase". pinentry-curses checks if 3 times the size of the longest text plus a few pixels for the frame fit into the terminal's width. There can be up to 3 buttons, but in case there are only two buttons this check is too strict.
• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
Hmm, okay. Trying the same on an 80x72 terminal I can indeed reproduce a loop. Sorry, for the noise.
• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
Just one bit of additional information: Using gpg (GnuPG) 2.3.5-beta17 on a large terminal I just tried quick generating a new key with a fresh GNUPGHOME where I only set pinentry-program /usr/bin/pinentry-curses in ${GNUPGHOME}/gpg-agent.conf.
bernhard renamed T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals from pinentry: pinentry-curses doesn't allow to set no password or weak passwords on small terminals to pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
bernhard added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
I don't see a point in trying to make the fancy curses pinentry work on small terminals.
Mar 31 2022
Mar 31 2022
• werner added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
There is also the very simple pinentry-tty
LRitzdorf added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
As an end user, the --pinentry-mode=loopback flag does exactly what I'd want to resolve this issue. Just to give it more visibility, is there any chance we could try to detect when the user's terminal is too small, and print a message suggesting they use that flag?
• ikloecker added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
I don't see a point in trying to make the fancy curses pinentry work on small terminals. People using small terminals can use --pinentry-mode=loopback to get a simple passphrase prompt that works on terminals of any size.
bernhard added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
From my point of view it should be fixed by adding line-breaks to make it work on small terminals. It is better to break the formatting, but allow it, instead of bailing out and leaving the user only with the option to use the more complicated interface. This problem could also affect other password entries where a longer information is displayed.
bernhard added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
An alternative to password creation in small terminals could be https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html#Unattended-GPG-key-generation
bernhard renamed T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals from pinentry: pinentry-curses doesn't allow to set no password on small terminals to pinentry: pinentry-curses doesn't allow to set no password or weak passwords on small terminals.
bernhard added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.
@LRitzdorf it should work if you enter an acceptable passphrase. (I've just tried with 56x51 widthxheight and it worked)
Mar 25 2022
Mar 25 2022
• werner renamed T5885: Better message than "Inappropriate ioctl for device" for tty pinentries from gpg --import of secret key from stdin fails confusingly to Better message than "Inappropriate ioctl for device" for tty pinentries.
• gniibe added a project to T5893: Patches to compile pinentry-1.2.0 cleanly with mingw.org's MinGW: Restricted Project.
Mar 24 2022
Mar 24 2022
• gniibe added a comment to T5893: Patches to compile pinentry-1.2.0 cleanly with mingw.org's MinGW.
And I move functions from pinentry.c to pinentry-curses.c, so that pinentry-w32.exe can be build with no libiconv (which is actually not used).
Thank you for your report.
Mar 15 2022
Mar 15 2022
• werner renamed T5879: Source of Pinentry title from Source of password prompt to Source of Pinentry title.
• ikloecker added a comment to T5879: Source of Pinentry title.
Do you mean something like this
Mar 14 2022
Mar 14 2022
Mar 7 2022
Mar 7 2022
Mar 3 2022
Mar 3 2022
• ikloecker placed T5863: pinentry-qt: Further improve the accessibility up for grabs.
• ikloecker changed the status of T5863: pinentry-qt: Further improve the accessibility from Open to Testing.
Ready for testing
Mar 2 2022
Mar 2 2022
• ikloecker closed T5867: pinentry-qt: Image on left side looks broken if pinentry shows an error as Resolved.
pinentry-qt with new icon:
I will add a suitable icon from the Breeze style.
• ikloecker closed T5866: pinentry-qt: Pressing Enter after entering first password shows password mismatch error as Resolved.
Closing this task since the original feature request is still in the QA queue.
Mar 1 2022
Mar 1 2022
• ikloecker moved T5863: pinentry-qt: Further improve the accessibility from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Feb 10 2022
Feb 10 2022
JaminCollins added a comment to T2818: expected behavior unclear when using gpg from ssh on a machine with a running X11 session.
While searching for a solution to this, I found multiple reports of people that appear to be impacted by this 5 year old issue.
Jan 17 2022
Jan 17 2022
• aheinecke added a comment to T5786: Pinentry-qt: Context menu in english.
Btw. had to revert your unique ptr change ;-) I didn't want to raise the c++ level just for that.
ikloecker I have just added the ki18n main code to pinentry-qt as qti18n.cpp this fixes it for me. I have commented out everything but the base catalog.
• ikloecker added a comment to T5786: Pinentry-qt: Context menu in english.
OTOH, inst-qttranslations.nsi copies all .qm files needed by the qt_<language>.qm files.
• ikloecker added a comment to T5786: Pinentry-qt: Context menu in english.
For the appimage I have added a patch (backported from ki18n) that makes sure that the Qt translations for qtbase are loaded even if the (unneeded) translations for qtscript, qtmultimedia, and qtxmlpatterns are missing. See 0001-Load-Qt-translations-even-if-some-catalogs-are-missi.patch.
Jan 12 2022
Jan 12 2022
twpayne added a comment to T5772: pinentry-mac: PIN not escaped when using quality bar.
You'll have to talk to the people you got pinentry-mac from.
I don't know about pinentry-mac but it seems to be another name for
one our our regular pinentry variants.
• ikloecker added a comment to T5772: pinentry-mac: PIN not escaped when using quality bar.
We provide lots of different flavors of pinentry, but we do not provide pinentry-mac. You'll have to talk to the people you got pinentry-mac from.
Jan 11 2022
Jan 11 2022
Dec 21 2021
Dec 21 2021
That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.
Saturneric updated the task description for T5746: Pinetry always loses focus after popping up under Windows.
Dec 2 2021
Dec 2 2021
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
What would be setting those? And how do I disable it?
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
It does have them defined!
$ gpg-connect-agent "getinfo getenv COLUMNS" /bye D 80 OK $ gpg-connect-agent "getinfo getenv LINES" /bye D 24 OK
What would be setting those? And how do I disable it?
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
A possibility is that gpg-agent which invokes pinentry happens have COLUMNS and LINES defined, then, pinentry misbehaves.
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Thanks again for further information.
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Hmm, I added that to my formula, and see ncurses 6.3 now, however the issue still occurs.
dyld[20991]: <55AFFB3D-2011-35CC-9486-B30BC1CA12F7> /opt/homebrew/Cellar/pinentry/1.2.0/bin/pinentry-curses dyld[20991]: <AAD35EC9-FC8A-3ED4-A829-C59E710CEA8A> /opt/homebrew/Cellar/libassuan/2.5.5/lib/libassuan.0.dylib dyld[20991]: <59683137-0511-3681-8BA6-04A78592B197> /opt/homebrew/Cellar/libgpg-error/1.43/lib/libgpg-error.0.dylib dyld[20991]: <A9DA1A80-D101-339B-9637-85A65285E050> /opt/homebrew/Cellar/ncurses/6.3/lib/libncursesw.6.dylib dyld[20991]: <679CDB15-D472-38E8-8840-B38874010D51> /usr/lib/libSystem.B.dylib dyld[20991]: <BB47A721-69A7-3EEA-9D9B-82F88FFF2641> /usr/lib/system/libcache.dylib dyld[20991]: <E6CCD148-5E91-3111-BE37-1C19402F4637> /usr/lib/system/libcommonCrypto.dylib dyld[20991]: <92001FF7-799E-3BA8-BF46-5FA01FFB952C> /usr/lib/system/libcompiler_rt.dylib dyld[20991]: <6BE94DC2-F363-3D76-B056-F45D4B56E152> /usr/lib/system/libcopyfile.dylib dyld[20991]: <881973B2-0426-325F-8D1A-17D60AE0CBFA> /usr/lib/system/libcorecrypto.dylib dyld[20991]: <9C4116F5-B8EB-3A00-B4B5-54AF6A76F66B> /usr/lib/system/libdispatch.dylib dyld[20991]: <96ECED73-F10C-3941-91A7-00254B907499> /usr/lib/system/libdyld.dylib dyld[20991]: <F7CDC52B-7961-3283-A30F-B06E2E6ED6AB> /usr/lib/system/libkeymgr.dylib dyld[20991]: <8D2BECEF-1038-3F2C-B8EF-B02C03092286> /usr/lib/system/libmacho.dylib dyld[20991]: <3D861651-91A7-3D78-B43B-ECAA41D63D9E> /usr/lib/system/libquarantine.dylib dyld[20991]: <FA2D8F89-D9C4-316F-9FDC-BFF1A791BD4E> /usr/lib/system/libremovefile.dylib dyld[20991]: <61963381-E322-3D0F-855D-CE1EA31FA4E1> /usr/lib/system/libsystem_asl.dylib dyld[20991]: <770FEB1F-FE27-3670-810F-A063D281CC8D> /usr/lib/system/libsystem_blocks.dylib dyld[20991]: <660D7866-E2A2-3651-A0A5-806E9217736B> /usr/lib/system/libsystem_c.dylib dyld[20991]: <1F580793-A1C3-30C6-A9BC-7789C14677AE> /usr/lib/system/libsystem_collections.dylib dyld[20991]: <8370E8A5-EADF-3A2C-9D5B-CA148723A5CA> /usr/lib/system/libsystem_configuration.dylib dyld[20991]: <30C492F6-C9E6-3C1D-BE52-CA4F4FC824D6> /usr/lib/system/libsystem_containermanager.dylib dyld[20991]: <F2A34B01-C264-3B7E-B3C9-1671E9E3C185> /usr/lib/system/libsystem_coreservices.dylib dyld[20991]: <01C0D793-E5FB-3141-95D6-32A973F9FFF8> /usr/lib/system/libsystem_darwin.dylib dyld[20991]: <AED9DAFC-7AB1-31CF-96A1-14C87B614DD3> /usr/lib/system/libsystem_dnssd.dylib dyld[20991]: <F0456F65-B4DF-3E14-91DC-C0C2A7954233> /usr/lib/system/libsystem_featureflags.dylib dyld[20991]: <5E36F087-5EF7-33B7-ACDA-CAE1C4A97621> /usr/lib/system/libsystem_info.dylib dyld[20991]: <6AB180A4-1D1E-3FA1-88B7-A7866EFACFC8> /usr/lib/system/libsystem_m.dylib dyld[20991]: <7C9F7726-62C1-3B03-8130-03E8A2A68DDF> /usr/lib/system/libsystem_malloc.dylib dyld[20991]: <2F331637-80F6-3208-816F-618DA9081899> /usr/lib/system/libsystem_networkextension.dylib dyld[20991]: <3701D756-7023-30C0-9A36-852971092AA9> /usr/lib/system/libsystem_notify.dylib dyld[20991]: <4234FAEC-7D18-30E7-AEAD-E9FB6922AFE9> /usr/lib/system/libsystem_product_info_filter.dylib dyld[20991]: <1214F568-24BF-379F-8A86-FF947EE5F18A> /usr/lib/system/libsystem_sandbox.dylib dyld[20991]: <49553CC1-66C3-32B1-91C6-4415DE230F58> /usr/lib/system/libsystem_secinit.dylib dyld[20991]: <17550B77-D255-389A-B779-906AF75314B6> /usr/lib/system/libsystem_kernel.dylib dyld[20991]: <8B28F7A3-6681-3D34-92AE-3688A74F50E6> /usr/lib/system/libsystem_platform.dylib dyld[20991]: <AA39FF66-B3F0-3777-99BC-F4A4C5CBD566> /usr/lib/system/libsystem_pthread.dylib dyld[20991]: <73885FA5-76B6-3AA3-8D91-60B2E0078F99> /usr/lib/system/libsystem_symptoms.dylib dyld[20991]: <362E885B-20EA-395B-BB01-6E46B864294D> /usr/lib/system/libsystem_trace.dylib dyld[20991]: <D0A538E3-7A75-395A-993C-A3EA7947F55A> /usr/lib/system/libunwind.dylib dyld[20991]: <A77B4CE2-0855-3C19-B4A6-47B094CF0DDA> /usr/lib/system/libxpc.dylib dyld[20991]: <52A50407-CD9B-3A67-A0C2-2D9D6F3043BF> /usr/lib/libc++abi.dylib dyld[20991]: <8FCA2160-F786-398A-AEAC-2B3D5BD72BB8> /usr/lib/libobjc.A.dylib dyld[20991]: <6B0DE0DE-0EA2-3948-8B7D-8BA309414B27> /usr/lib/liboah.dylib dyld[20991]: <20FBE382-CC21-324E-8813-C84B94CC04EF> /usr/lib/libc++.1.dylib dyld[20991]: <A714AC09-9E2D-3608-B8C1-D6300E852308> /usr/lib/libiconv.2.dylib dyld[20991]: <1907D41B-6D4B-3EA0-AD3B-5770431B6327> /usr/lib/libcharset.1.dylib
Dec 1 2021
Dec 1 2021
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
So, the solution is to build pinentry with newer ncurses. As I wrote in another comment, it's adding a single line to the formula.
Nov 30 2021
Nov 30 2021
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Thank you for the info.
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
I ran DYLD_PRINT_LIBRARIES=1 DYLD_PRINT_LIBRARIES_POST_LAUNCH=1 DYLD_PRINT_RPATHS=1 pinentry-curses and see libncurses.5.4 (full output below).
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Is there some other command I should run to check which curses it's using? I see there's a --debug flag but I'm not sure how to use it.
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
I think that either of following might be true:
(1) macOS has older ncurses (which doesn't support ioctl well, to get columns/lines info) in system
(2) macOS has BSD curses (with no suport for ioctl)
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
I installed it with brew and didn't provide any special options. This is one of the new M1 macs though, so perhaps there is some platform check deep in the install that is getting confused?
• gniibe added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Thank you for the information. So, you don't have these environment variables set.
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
printenv COLUMNS LINES shows no output, however if I echo $COLUMNS $LINES I see 160 48 both before and after the password prompt.
Curses application (of pinentry) get information of screen size by:
- environment variables (COLUMNS, LINES)
- operating system using TIOCGSIZE or TIOCGWINSZ ioctl
- tinfo data base
Nov 16 2021
Nov 16 2021
pzich added a comment to T5693: GPG sign in corrupts larger terminal sizing.
Pinentry: pinentry-curses (pinentry) 1.2.0
OS: macOS 12.0
Terminal: xterm-256color (via zsh in the default Terminal.app)
What is your Pinentry version, which OS is that, and which terminal type?