Tue, Oct 29
Thanks for the follow-up Werner.
Then better do not use a curses pinentry. It can't guarantee that another process changes the tty properties. For security reasons it is better to run the pinentry in a different window (ie. a GUI based pinentry).
Sep 21 2019
It is not just about being annoying but for security reasons. It would be too easy for other applications *think webbrowser or Acrobat) to take a screenshot and pop up a modified version of that screenshot with data entries to act as a MitM.
Sep 15 2019
The feature has been implemented for the -qt, -tqt, -gtk, and -curses pinentries.
Aug 20 2019
reviewing this, i think the situation is:
Jul 29 2019
I think the problem is the following:
Jul 28 2019
False alarm. Turns out pinentry-gtk-2.exe is also not working all the time.
@bb - I've tried this, this doesn't appear to work. It looks like the Gtk2 pinentry doesn't grab focus when doing authentication, either. Interestingly enough, it also doesn't show in the taskbar.
Jul 27 2019
pinentry-program "C:\Program Files (x86)\Gpg4win\bin\pinentry-gtk-2.exe"
as a workaround to my gpg-agent.conf. This pinentry is able to grab the focus.
Does anyone has an update on this issue?
I've just uploaded pinentry 1.1.0-3 to debian unstable with this fix in it.
@aheinecke thanks for the heads-up. i'll pull this in.
Jul 25 2019
I can confirm that the patch from the referenced commit fixes the issue. Thanks for the quick action!
thanks for the report. I've commited a different fix 0e2e53c8987d6f236aaef515eb005e8e86397fbc which also should solve the problem.
Adding the patch here.
Jul 13 2019
Thanks for all the fixes! I can confirm commit dad35d65f05eb1c15589a7e4755dcae6aed2d6cf works just fine on all my machines (Linux & macOS).
Jul 11 2019
gpg-agent side is fixed to relax the error handling.
Jul 10 2019
I pushed the fix. Thanks for your cooperation.
Thanks for further testing.
I realized that it's not the left border drawing problem in fact, but the newline should be between the description and passphrase line.
I'm going to fix this.
Jul 9 2019
Thanks for the further fix! With that only a minor hiccup remains:
Thanks for the update! With git-master, the toy example above works fine. However, pinentry-curses seems to hang with real commands from gpg. Here is an example:
$ ./curses/pinentry-curses OK Pleased to meet you SETDESC 請輸入密語來解鎖 OpenPGP 私鑰:%0A%22Chih-Hsuan Yen <email@example.com>%22%0A3072 位元長的 DSA 金鑰, ID F98EF2A7B0A098AE,%0A建立於 2018-04-25 (主要金鑰 ID 3FDDD575826C5C30).%0A OK SETPROMPT 密語: OK GETPIN
(CPU usage of ./curses/pinentry-curses goes > 90%)
I pushed the change to master.
Jul 1 2019
Well in my browser (Firefox) the dialogs are not rendered correctly. Here are the two dialogs in the terminal:
Jun 27 2019
Thanks for the feedback, @werner. I think I understand the reasons that we've gotten to this place -- but that doesn't mean i think it's ok to stay here. In this bug report, i'm pointing out that the documentation and the feedback/error reporting is misleading, which leads to difficulty in debugging. We need to do something about it.
pinentry-gnome has no grab support. However, it needs to accept that option so that gpg-agent does not error out. We want to have the same global options for all pinentries. Whether they work depends on the pinentry and other parameters. For example when falling back to curses grab won't work in any pinentry.
Jun 26 2019
I note that this is likely happening because we are using gcr's system-modal prompter. I haven't looked into whether it's even possible to use gcr in a non-system-modal way, but i'd welcome pointers.
Jun 4 2019
No worries -- you led me in the direction of a solution when you mentioned loopback mode. I appreciate your time and your help!
Sorry, I responded in a mode of "tracking a bug to fix soonish". I should have changed my mode into showing HOWTO.
Thanks for sharing useful link.
Jun 3 2019
I found these instructions for pinentry loopback in Emacs, and they worked!
When you can configure it properly, there is a way to workaround it.
For (1): it is broken out-of-the-box, that would be true. When you can configure it properly, there is a way to workaround it. Well, I admit, it's not yet perfect.
Thank you for that analysis. I don't understand some of the parts (because I don't know anything about pinentry), but I do have some questions.
Thanks for your report. The symptom you have could be only solved by using pinentry loopback mode, or using some special pinentry for CLI, I suppose. pinentry-tty is not sufficient for this usage.