Change Details

@dkg I subscribed you because I would be interested in your opinion as a downstream maintainer. I do not think that gpg-agent or pinentry should pop up these annoying dialogs if a user decides not to enter a password or a seemingly (and the logic for that is super weak in gpg-agent) insecure passphrase. Currently this leads me to implement GUI code where the passphrase for keygen is not provided by pinentry but by my own GUI. This should not be the case. There are very many scenarios where "no passphrase" is viable for OpSec and as this increases usability it increases adoption.

Edit 2024-07-04 (clean problem description to get this ticket going again): When using "gpg --generate-key" or "--quick-generate-key" and in the pinentry window don't fill in anything and hit OK, a pop up will ask for confirmation if you really want to create the key without password: {F12296819} After choosing "Yes, protection is not needed" a second pinentry pops up and after again not entering a password a second confirmation window. Only then key-creation is complete. At a minimum the second round of pinentry + confirmation is clearly excessive. But given that at least part of the opinions below is that there should be no backtalk at all and in Kleopatra in Gpg4win nowadays creation without password is the default: Please implement that giving no password in the first pinentry is accepted without any further questions. ------- old description: @dkg I subscribed you because I would be interested in your opinion as a downstream maintainer. I do not think that gpg-agent or pinentry should pop up these annoying dialogs if a user decides not to enter a password or a seemingly (and the logic for that is super weak in gpg-agent) insecure passphrase. Currently this leads me to implement GUI code where the passphrase for keygen is not provided by pinentry but by my own GUI. This should not be the case. There are very many scenarios where "no passphrase" is viable for OpSec and as this increases usability it increases adoption.

Edit 2024-07-04 (clean problem description to get this ticket going again): When using "gpg --generate-key" or "--quick-generate-key" and in the pinentry window don't fill in anything and hit OK, a pop up will ask for confirmation if you really want to create the key without password: {F12296819} After choosing "Yes, protection is not needed" a second pinentry pops up and after again not entering a password a second confirmation window. Only then key-creation is complete. At a minimum the second round of pinentry + confirmation is clearly excessive. But given that at least part of the opinions below is that there should be no backtalk at all and in Kleopatra in Gpg4win nowadays creation without password is the default: Please implement that giving no password in the first pinentry is accepted without any further questions. ------- old description: @dkg I subscribed you because I would be interested in your opinion as a downstream maintainer. I do not think that gpg-agent or pinentry should pop up these annoying dialogs if a user decides not to enter a password or a seemingly (and the logic for that is super weak in gpg-agent) insecure passphrase. Currently this leads me to implement GUI code where the passphrase for keygen is not provided by pinentry but by my own GUI. This should not be the case. There are very many scenarios where "no passphrase" is viable for OpSec and as this increases usability it increases adoption.