On 01/17/2018 06:46 AM, Neil Bothwick wrote:
> On Wed, 17 Jan 2018 06:35:13 -0700, the...@sys-concept.com wrote:
>
>>> What does "eselect pinentry list" tell you?
>>
>>
>> eselect pinentry list
>> Available pinentry binary implementations:
&
On Wed, 17 Jan 2018 06:35:13 -0700, the...@sys-concept.com wrote:
> > What does "eselect pinentry list" tell you?
>
>
> eselect pinentry list
> Available pinentry binary implementations:
> [1] pinentry-qt *
> [2] pinentry-gtk-2
> [3] pinentry
On 01/16/2018 11:47 PM, Alexander Ben Nasrallah wrote:
> On Tue, Jan 16, 2018 at 10:51:40PM -0700, the...@sys-concept.com wrote:
>> When I try to decrypt a file I get:
>>
>> gpg2 text.asc
>> ...
>> gpg: public key decryption failed: No pinentry
>> gpg: dec
On Tue, Jan 16, 2018 at 10:51:40PM -0700, the...@sys-concept.com wrote:
> When I try to decrypt a file I get:
>
> gpg2 text.asc
> ...
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
>
> app-crypt/pinentry-1.0.0-r2 is installed
On 01/17/2018 02:46 AM, Neil Bothwick wrote:
> On Tue, 16 Jan 2018 22:51:40 -0700, the...@sys-concept.com wrote:
>
>> gpg2 text.asc
>> ...
>> gpg: public key decryption failed: No pinentry
>> gpg: decryption failed: No secret key
>>
>> app-crypt/pin
On 01/17/2018 06:46 AM, Neil Bothwick wrote:
> On Wed, 17 Jan 2018 06:35:13 -0700, the...@sys-concept.com wrote:
>
>>> What does "eselect pinentry list" tell you?
>>
>>
>> eselect pinentry list
>> Available pinentry binary implementations:
&
On Wednesday, 17 January 2018 06:47:27 GMT Alexander Ben Nasrallah wrote:
> On Tue, Jan 16, 2018 at 10:51:40PM -0700, the...@sys-concept.com wrote:
> > When I try to decrypt a file I get:
> >
> > gpg2 text.asc
> > ...
> > gpg: public key decryption failed: No pi
On Wed, 17 Jan 2018 07:26:28 -0700, the...@sys-concept.com wrote:
> > Is pinentry-qt installed and working?
>
> "eix pinentry-qt" is not showing any entry, no such program.
>
Try "which pinentry-qt", it's part of the pinentry package, controlled by
USE.
Thanks!
The USE flag "gtk" for the package "app-crypt/gcr" was missing.
After following your instructions, it is working again using
"/usr/bin/pinentry-gnome3":
$ < /etc/portage/package.use/pinentry
app-crypt/pinentry gtk
app-crypt/gcr gtk
On 01/17/2018 07:48 AM, Neil Bothwick wrote:
> On Wed, 17 Jan 2018 07:26:28 -0700, the...@sys-concept.com wrote:
>
>>> Is pinentry-qt installed and working?
>>
>> "eix pinentry-qt" is not showing any entry, no such program.
>>
> Try "wh
On 01/16/2018 11:47 PM, Alexander Ben Nasrallah wrote:
> On Tue, Jan 16, 2018 at 10:51:40PM -0700, the...@sys-concept.com wrote:
>> When I try to decrypt a file I get:
>>
>> gpg2 text.asc
>> ...
>> gpg: public key decryption failed: No pinentry
>> gpg: dec
here any alternative?
I cannot comment directly on the obsolescence of pinentry-gtk2 (most
certainly a decision upstream), but the alternative is pinentry-gnome3.
The gtk flag was not removed because it now configures pinentry-gnome3
instead of -gtk2. You should be able to select that using 'eselect
pin
I am trying to ssh into a site using PKI. I have a private key in my
.ssh directory that requires a passphrase.
ssh is asking me for my passphrase using a terrible program called
pinentry. It's terrible for a bunch of reasons, and if you are
interested you can just google pinentry sucks
On 2021-02-20 15:52+ Michael wrote:
> On Saturday, 20 February 2021 15:22:45 GMT tastytea wrote:
> > Hi!
> > A short while ago, pinentry-gtk2 was removed from
> > app-crypt/pinentry. Around the same time, app-crypt/gnupg was
> > updated. Since then, I can not use
On Thursday 25 February 2010 11:18:54 Willie Wong wrote:
On Thu, Feb 25, 2010 at 07:01:12AM +, Mick wrote:
Why is it trying to call /usr/bin/pinentry-qt?!
`ERR 67109133 can't exec `/usr/bin/pinentry-qt'
Is this a valid binary these days, or an older qt3 version? I think
On Saturday, 20 February 2021 15:22:45 GMT tastytea wrote:
> Hi!
> A short while ago, pinentry-gtk2 was removed from
> app-crypt/pinentry. Around the same time, app-crypt/gnupg was
> updated. Since then, I can not use the gpg-agent from whithin Emacs
> (--deamon) anymore. When I c
Hi!
A short while ago, pinentry-gtk2 was removed from
app-crypt/pinentry. Around the same time, app-crypt/gnupg was
updated. Since then, I can not use the gpg-agent from whithin Emacs
(--deamon) anymore. When I commit something with Magit, I get no
password dialog but this error message instead
On Tue, 16 Jan 2018 22:51:40 -0700, the...@sys-concept.com wrote:
> gpg2 text.asc
> ...
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key
>
> app-crypt/pinentry-1.0.0-r2 is installed
What does "eselect pinentry list" tell you?
On Thu, Feb 25, 2010 at 07:01:12AM +, Mick wrote:
2010-02-25 06:48:32 gpg-agent[6741] starting a new PIN Entry
gpg-agent[6741]: can't connect server: `ERR 67109133 can't exec
`/usr/bin/pinentry-qt': No such file or directory'
2010-02-25 06:48:32 gpg-agent[6741] can't connect to the PIN
2 text.asc
> >> ...
> >> gpg: public key decryption failed: No pinentry
> >> gpg: decryption failed: No secret key
> >>
> >> app-crypt/pinentry-1.0.0-r2 is installed
> >
> > Sometime you have to set one of the following.
> >
> >
When I try to decrypt a file I get:
gpg2 text.asc
...
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
app-crypt/pinentry-1.0.0-r2 is installed
I've tried to kill "gpg-agent" didn't help.
--
Joseph
you
problems. You haven't mentioned what issue you're actually having
with it/pinentry/etc.
FYI pinentry frustrates me because:
1. pinentry-gtk and pinentry-qt do not allow me to paste my
passphrase. My passphrase is difficult to type. I keep my passphrase
in keepass.
2. Supposedly pinentry
I try to decrypt a file I get:
>>>>
>>>> gpg2 text.asc
>>>> ...
>>>> gpg: public key decryption failed: No pinentry
>>>> gpg: decryption failed: No secret key
>>>>
>>>> app-crypt/pinentry-1.0.0-r2 is installed
>>>
&g
On 06/07/2014 03:41, Chris Stankevitz wrote:
I am trying to ssh into a site using PKI. I have a private key in my
.ssh directory that requires a passphrase.
ssh is asking me for my passphrase using a terrible program called
pinentry. It's terrible for a bunch of reasons, and if you
Hello list,
I recently updated "app-crypt/pinentry" and suddenly
"/usr/bin/pinentry-gtk-2" was missing.
I am using "pinentry-gtk-2", so I can enter the passphrase for my GPG
private key, when using the browser extension "Gopass Bridge".
Taki
On Sun, Jul 6, 2014 at 8:40 PM, Chris Stankevitz
chrisstankev...@gmail.com wrote:
On another note, from my OP, I am still curious how the ssh software
knows to use /usr/bin/pinentry to fetch my passphrase. In a follow-up
post, I discovered that this mechanism only works if an environment
It *isn't* a reason. 'pinentry' is (well, was. Now I have downgraded gnupg)
installed, password is requested, but is wrong.
=== On Tuesday 02 January 2007 21:28, Neil Bothwick wrote: ===
...
http://bugs.gentoo.org/show_bug.cgi?id=159505
You need to install pinentry.
--
gentoo-user
typing my password 100 times
per day. The only problem I have with pinentry is that it doesn't
let me paste. Does keychain allow me to paste? If so, I'll consider
it. However, now that I have killed pinentry from my system I am
happily pasting my passphrase into the ssh console.
On another note
on the terminal (as it has always been),
> and then a second time in a graphical pinentry window.
>
> The latter did not happen with gnupg 2.0 (double-checked by downgrading).
> Does anyone have a hint what’s wrong here and how I can fix this?
I just recently resolved this myself. You n
d is there any alternative?
I cannot comment directly on the obsolescence of pinentry-gtk2 (most
certainly a decision upstream), but the alternative is pinentry-gnome3.
The gtk flag was not removed because it now configures pinentry-gnome3
instead of -gtk2. You should be able to select that using '
On Wed, Feb 24, 2010 at 11:31:34AM +, Mick wrote:
Since invoking gpg on the CLI does not ask for a passphrase and it returns:
gpg: problem with the agent: No pinentry
I assume that the problem is with pinentry. Is there some other
application involved here that I should look
On Sat, Jul 5, 2014 at 7:57 PM, Rich Freeman ri...@gentoo.org wrote:
In any case, I suspect that gpg-agent is actually serving passwords to
openssh, so the file you want is ~/.gnupg/gpg-agent.conf - it probably
contains the line pinentry-program /usr/bin/pinentry. If you trust
all your X
issue you're actually having
with it/pinentry/etc.
FYI pinentry frustrates me because:
1. pinentry-gtk and pinentry-qt do not allow me to paste my
passphrase. My passphrase is difficult to type. I keep my passphrase
in keepass.
2. Supposedly pinentry-curses will let me paste; however
On Sat, Jul 5, 2014 at 9:41 PM, Chris Stankevitz
chrisstankev...@gmail.com wrote:
ssh is asking me for my passphrase using a terrible program called
pinentry. It's terrible for a bunch of reasons, and if you are
interested you can just google pinentry sucks.
Probably more a case of X11
.
Alan,
Thank you. FYI, I do not have a problem typing my password 100 times
per day. The only problem I have with pinentry is that it doesn't
let me paste. Does keychain allow me to paste? If so, I'll consider
it. However, now that I have killed pinentry from my system I am
happily pasting
igned mail in mutt and send it off. Thus I
> > am asked for the passphrase first on the terminal (as it has always been),
> > and then a second time in a graphical pinentry window.
> >
> > The latter did not happen with gnupg 2.0 (double-checked by downgrading).
> > Do
message?
It may help other people who know more about this to answer your
question.
Thanks again for your help. The problem seems to be with pinentry when gpg is
invoked manually:
gpg: problem with the agent: No pinentry
and then as a consequence:
gpg: public key decryption failed
re subfolder ".gnupg/" from one system to
>> another. It works when I click on the file at the computer but not over
>> ssh.
>>
>
> Have you tried pinentry-curses? I'm not sure if qt version works over
> ssh.
Yes, that works. It gives me:
pinentry-curses
OK Pleased to meet you
Joseph
ot;.gnupg/" from one system to
>>> another. It works when I click on the file at the computer but not
>>> over ssh.
>>>
>>
>> Have you tried pinentry-curses? I'm not sure if qt version works over
>> ssh.
>
> Or use ssh -Y to connect, and ha
works when I click on the file at the computer but not
> > over ssh.
> >
>
> Have you tried pinentry-curses? I'm not sure if qt version works over
> ssh.
Or use ssh -Y to connect, and have X forwarding enabled on the server.
--
Neil Bothwick
Velilind's Laws of Experimentation:
1.
t;> log-in over "ssh"
>>> it still giving me same error.
>>
>> Have you logged in as a user which has a key pair configured on the PC?
>
> I just copied 'scp' entire subfolder ".gnupg/" from one system to
> another. It works when I click on the f
On 01/02/2018 08:39 PM, the...@sys-concept.com wrote:
> I've copied gpg key from one computer to another:
> scp -r ~/.gnupg user@remotehost:~/
>
> But when I try to decrypt a file it does not recognize a secret key
> ...
> gpg: public key decryption failed: No pinentry
> g
I've copied gpg key from one computer to another:
scp -r ~/.gnupg user@remotehost:~/
But when I try to decrypt a file it does not recognize a secret key
...
gpg: public key decryption failed: No pinentry
gpg: decryption failed: No secret key
--
Joseph
: - OPTION display=:0.0
gpg-agent[6741.7] DBG: - OK
gpg-agent[6741.7] DBG: - OPTION lc-ctype=C
gpg-agent[6741.7] DBG: - OK
gpg-agent[6741.7] DBG: - OPTION lc-messages=C
gpg-agent[6741.7] DBG: - OK
gpg-agent[6741.7] DBG: - OPTION allow-pinentry-notify
gpg-agent[6741.7] DBG: - OK
gpg-agent[6741.7] DBG
contains the line pinentry-program /usr/bin/pinentry. If you trust
all your X clients you can set the option no-grab in the file which
will probably allow copy/paste/etc to work with the entry window.
Rich,
Thank you, I will give that a shot. FYI I discovered:
declare -x GPG_AGENT_INFO
-agent
default-key 40A7BD65
utf8-strings
verbose
utf8-strings
encrypt-to 0x40A7BD65
and gpg-agent.conf:
grep -v '^#' ~/.gnupg/gpg-agent.conf | uniq
pinentry-program /usr/bin/pinentry-qt
no-grab
default-cache-ttl 1800
debug-level basic
log-file socket:///home/pholthau/.gnupg/log
On Wed, Feb 24, 2010 at 11:31:34AM +, Mick wrote:
Since invoking gpg on the CLI does not ask for a passphrase and it returns:
gpg: problem with the agent: No pinentry
I assume that the problem is with pinentry. Is there some other
application involved here that I should look
sked for the passphrase first on the terminal (as it has always been),
> > > and then a second time in a graphical pinentry window.
> >
> > I just recently resolved this myself. You need to add
> >
> > --pinentry-mode loopback
> >
> > to the relevant
]). But then when I try to decrypt
a file encrypted for this key I still face pinentry. I also tried
running the decryption command with the
--pinentry loopback --batch
which just fails with
gpg: Sorry, we are in batchmode - can't get input
And I already have in my gpg-agent.conf the following
sphrase (I've also tried this with the keygrip for
> the [E] subkey as opposed to the [SC]). But then when I try to decrypt
> a file encrypted for this key I still face pinentry. I also tried
> running the decryption command with the
>
> --pinentry loopback --batch
>
> which just fai
On Tue, 2 Jan 2007 19:32:41 +0300, Andrew Gaydenko wrote:
Any news on this? I'd like to upgrade to gnupg-2.0*, but I don't want
to lose access to my existing keys. Does a bug exist?
http://bugs.gentoo.org/show_bug.cgi?id=159505
You need to install pinentry.
--
Neil Bothwick
Machine
On Tue, 2 Jan 2007 21:55:48 +0300, Andrew Gaydenko wrote:
It *isn't* a reason. 'pinentry' is (well, was. Now I have downgraded
gnupg) installed, password is requested, but is wrong.
OK - you have a slightly different problem to the rest of us... good
luck :)
--
Neil Bothwick
I stayed up
On Sun, Jul 6, 2014 at 5:45 PM, Rich Freeman ri...@gentoo.org wrote:
GPG_AGENT_INFO tells ssh to use gpg-agent.
Hi Rich,
Are you saying that the ssh software checks for the presence of the
GPG_AGENT_INFO environment variable? It find it odd that ssh
hard-code the names of all possible agents.
the helper app for other processes didn't. In any case, after
unmerging seahorse, logout and login (to get rid of a defunct seahorse
process which didn't react to kill -kill), everything started working
again with the normal pinentry dialog.
Does this sound familiar to anyone?
signature.asc
this to answer your
question.
Thanks again for your help. The problem seems to be with pinentry when gpg is
invoked manually:
gpg: problem with the agent: No pinentry
and then as a consequence:
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
However, I have
visual
binutils --briefeditor help kernel
mesa --no-colourpinentry rc
versionwxwidgets
blas cblas envjava-nsplugin lapack
modulesopengl profileruby vi
On Sun, Jul 6, 2014 at 9:18 PM, Chris Stankevitz
chrisstankev...@gmail.com wrote:
On Sun, Jul 6, 2014 at 5:45 PM, Rich Freeman ri...@gentoo.org wrote:
GPG_AGENT_INFO tells ssh to use gpg-agent.
Are you saying that the ssh software checks for the presence of the
GPG_AGENT_INFO environment
Hey fellows,
apparently, gnupg 2.1 does not recognise my passphrase anymore if I enter it
in mutt’s terminal: I compose a signed mail in mutt and send it off. Thus I
am asked for the passphrase first on the terminal (as it has always been),
and then a second time in a graphical pinentry window
or my self by ditching KDE, but thats not a real
solution.
Just wanted to point you to the upstream dependiencies of pinentry which
may have caused your situation.
Cheers,
Andrej
signature.asc
Description: OpenPGP digital signature
me other irrelevant stuff) :
!!! The ebuild selected to satisfy "app-crypt/pinentry" has unmet
requirements.
- app-crypt/pinentry-1.0.0::gentoo USE="-caps -emacs -gnome-keyring gtk
ncurses qt4 qt5 -static" ABI_X86="64"
The following REQUIRED_USE flag co
t;> printsupport" emergeu -DNup world
>> Portage replies (after some other irrelevant stuff) :
>> !!! The ebuild selected to satisfy "app-crypt/pinentry" has unmet
>> requirements.
>> - app-crypt/pinentry-1.0.0::gentoo USE="-caps -emacs -gnome-keyring
Hello,
I am trying to setup KMail to use GnuPG. I have emerged unstable gnupg
(1.9.19), gpg-agent (1.9.19) and pinentry (0.7.2-r1). I am now trying to
setup gpg-agent and have followed documentation on gentoo site but the
problem is that even after setting the agent-startup.sh the way
:
gpg-agent which is calling pinentry-qt?
I'd file it against gpg-agent and hope that if it is something related
to the qt3-qt4 transition, one of the bug-wranglers will cc the qt
team. I'd probably also file it as either minor or enhancement, since
technically the man page does warn you about
it
to work. :-(
It keeps popping up my pinentry and asking me for my default key passphrase,
not the key I am trying to feed to it.
Is there a way to change that script I posted so that it a)takes the
passphrases from a file, or b)incrementally tries {a,b,...,z}, and/or capitals
kernel
mesa --no-colour pinentry rc
version wxwidgets
blas cblas env java-nsplugin lapack
modules opengl profile ruby vi
xvmc
Oh. Oh!!! NEATO. Now to remember I can do this the next time I can't
remember the name of a module. lol
Double neato ! It works after each option too.
Well, it's
On Sun, Jul 6, 2014 at 12:09 PM, Mick michaelkintz...@gmail.com wrote:
I think that the idea of keeping your passphrase in the clipboard is frowned
upon for security reasons. Not only because of any potential memory leaks,
but because you may inadvertently paste it in GUI fields/areas you were
" emergeu -DNup world
>
>The USE flags are the result of previous attempts at 'emergeu -DNup
>world'.
>
>Portage replies (after some other irrelevant stuff) :
>
>!!! The ebuild selected to satisfy "app-crypt/pinentry" has unmet
>requirements.
>- app-crypt/pi
]
[ebuild U ] sys-fs/e2fsprogs-1.40.3 [1.40.2]
[ebuild U ] net-firewall/iptables-1.3.8-r2 [1.3.8-r1]
[ebuild U ] x11-apps/xinit-1.0.5-r1 [1.0.4] USE=-hal% -pam%
[ebuild N] app-crypt/pinentry-0.7.3 USE=ncurses -caps -gtk -qt3
[ebuild U ] app-crypt/gnupg-2.0.7 [1.4.7-r1] USE=-doc
: No pinentry
:encrypted data packet:
length: 22577
mdc_method: 2
gpg: encrypted with 2048-bit ELG key, ID , created 2010-01-25
me m...@gmail.com
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
-vala"
[nomerge ] gnome-base/gnome-keyring-3.20.0::gentoo USE="caps
filecaps pam ssh-agent (-selinux) {-test}"
[nomerge ] app-crypt/pinentry-0.9.7-r1::gentoo
USE="gnome-keyring gtk ncurses -caps -emacs -qt4 -qt5 -static"
[nomerge ]x11-libs/gtk+-2.2
alculating dependencies... done!
>
>
> [nomerge ] app-crypt/libsecret-0.18.5::gentoo USE="crypt
> introspection -debug {-test} -vala"
> [nomerge ] gnome-base/gnome-keyring-3.20.0::gentoo USE="caps
> filecaps pam ssh-agent (-selinux) {-test}"
>
... ]
app-crypt/pinentry-0.7.5 (qt3? x11-libs/qt:3)
app-text/poppler-bindings-0.8.7 (qt3? =x11-libs/qt-3.3:3)
(qt4? =x11-libs/qt-4.3:4)
media-video/vlc-0.9.8a (qt4? =x11-libs/qt-4.3*:4)
(skins? =x11-libs/qt-4.3*:4)
net-im/skype-2.0.0.63 (x86
binutils --brief editor help kernel
mesa --no-colour pinentry rc
version wxwidgets
blas cblas env java-nsplugin lapack
modules opengl profile ruby vi
xvmc
Oh. Oh!!! NEATO. Now to remember I can do this the next time I can't
remember the name of a module. lol
Double neato ! It works after each
pager python usage
visual
binutils --briefeditor help kernel
mesa --no-colourpinentry rc
versionwxwidgets
blas cblas envjava-nsplugin lapack
modulesopengl
-4.8.6-r2::gentoo (Change USE: -qt3support)
- dev-qt/qtgui-4.8.6-r4::gentoo (Change USE: +qt3support)
(dependency required by dev-qt/qtgui-4.8.6-r4::gentoo [ebuild])
(dependency required by app-crypt/pinentry-0.9.0::gentoo[qt4] [installed])
(dependency required by app-crypt/gnupg-2.0.26-r3::gentoo
="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose
--quiet --batch --output - %f"
set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--
passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --pinentry-mode
portage 188416 Oct 17 10:30
.pinentry-1.0.0.tar.bz2.portage_lockfile
drwxrwxr-x 2 rootportage 188416 Oct 17 10:30 .__portage_test_write__
drwxrwxr-x 2 rootportage 188416 Oct 17 10:30
.wpa_supplicant-2.6.tar.gz.portage_lockfile
distfiles # touch test
distfiles # ls -l
total 188
drwxrwxr
other window on your desktop,
unless you're employing protective measures that nobody actually
employs outside of maybe pinentry (I haven't checked that one and I
forget if it is completely modal - as in you can't type in any other
x11 window while it is displayed).
--
Rich
gt;
> Oh, and keep in mind that X11 itself isn't the most secure piece of
> software in existence. In particular any window on your desktop can
> spy on the keyboard input into any other window on your desktop,
> unless you're employing protective measures that nobody actually
> empl
and stored in /etc/keys/enc.key.gpg.
When the system boots a couple of error messages ominously flash through about
dmcrypt service failing to start. Then the pinentry pops up asking for the
gpg passphrase. The passphrase is promptly typed in, the boot process
continues and the /dev/mapper/home
... ]
app-crypt/pinentry-0.7.5 (qt3? x11-libs/qt:3)
app-text/poppler-bindings-0.8.7 (qt3? =x11-libs/qt-3.3:3)
(qt4? =x11-libs/qt-4.3:4)
media-video/vlc-0.9.8a (qt4? =x11-libs/qt-4.3*:4)
(skins? =x11-libs/qt-4.3*:4)
net-im/skype-2.0.0.63 (x86 !qt
trying app-crypt/nasty, for brute force cracking, but I can't get it
to work. :-(
It keeps popping up my pinentry and asking me for my default key passphrase,
not the key I am trying to feed to it.
Is there a way to change that script I posted so that it a)takes the
passphrases from a file
of the following packages is required to complete your request:
- dev-qt/qtcore-4.8.6-r2::gentoo (Change USE: -qt3support)
- dev-qt/qtgui-4.8.6-r4::gentoo (Change USE: +qt3support)
(dependency required by dev-qt/qtgui-4.8.6-r4::gentoo [ebuild])
(dependency required by app-crypt/pinentry-0.9.0::gentoo[qt4
w on your desktop can
> > spy on the keyboard input into any other window on your desktop,
> > unless you're employing protective measures that nobody actually
> > employs outside of maybe pinentry (I haven't checked that one and I
> > forget if it is completely modal - as in
s-libs/timezone-data-2020e::gentoo
> [2020d::gentoo] USE="nls -leaps-timezone -zic-slim" 659 KiB
> [ebuild U ] app-eselect/eselect-pinentry-0.7.1::gentoo
> [0.7::gentoo] 0 KiB
> [ebuild U ] virtual/perl-Data-Dumper-2.174.0-r2::gentoo
>
but they're not super-practical.
Amusingly enough I stumbled upon this blog:
https://blog.separateconcerns.com/2014-10-24-cli-passwords.html
This page "helpfully" suggests that you can secure your system by
using a console pinentry program instead of an X11-based one, with the
underlying
your X server (which includes anything actually displaying a window
> on your screen), can generally grab any of the keyboard input bound
> for any window on your screen. There are ways for programs to block
> this, but they're not super-practical.
>
> Amusingly enough I
rally grab any of the keyboard input bound
> for any window on your screen. There are ways for programs to block
> this, but they're not super-practical.
>
> Amusingly enough I stumbled upon this blog:
> https://blog.separateconcerns.com/2014-10-24-cli-passwords.html
>
> This pa
kB
[ebuild N] net-misc/curl-7.17.1
USE=ssl -ares -gnutls -idn -ipv6 -kerberos -ldap -nss -test 1,682 kB
[ebuild N] app-crypt/pinentry-0.7.4-r1 USE=-caps -gtk -ncurses -qt3
407 kB
[ebuild N] dev-libs/libassuan-1.0.4 291 kB
[ebuild N] net-libs/courier-authlib-0.60.2
.
Tho investigate further:
equery d x11-libs/qt
[ Searching for packages depending on x11-libs/qt... ]
app-crypt/pinentry-0.7.5 (qt3? x11-libs/qt:3)
app-text/poppler-bindings-0.8.7 (qt3? =x11-libs/qt-3.3:3)
(qt4? =x11-libs/qt-4.3:4)
media-video/vlc-0.9.8a (qt4? =x11
-crypt/gpgme-1.3.0 USE=-common-lisp -pth
[nomerge ]app-crypt/gnupg-2.0.16-r2 USE=bzip2 ldap nls -adns -caps
-doc -openct -pcsc-lite (-selinux) -smartcard -static
[nomerge ] app-crypt/pinentry-0.8.0-r1 USE=gtk ncurses qt4 -caps
-static
[ebuild U ] app-admin
requires =app-admin/eselect-1.2.4
app-admin/eselect-opengl-1.2.6.1 requires =app-admin/eselect-1.2.4
app-admin/eselect-php-0.6.2 requires =app-admin/eselect-1.2.4
app-admin/eselect-pinentry-0.3 requires app-admin/eselect
app-admin/eselect-postgresql-1.0.10 requires app-admin/eselect
app
-0.0.10 requires =app-admin/eselect-1.2.4
app-admin/eselect-opencl-1.1.0-r1 requires =app-admin/eselect-1.2.4
app-admin/eselect-opengl-1.2.6.1 requires =app-admin/eselect-1.2.4
app-admin/eselect-php-0.6.2 requires =app-admin/eselect-1.2.4
app-admin/eselect-pinentry-0.3 requires
-4.8.6-r4::gentoo [ebuild])
(dependency required by app-crypt/pinentry-0.9.0::gentoo[qt4]
[installed]) (dependency required by app-crypt/gnupg-2.0.26-r3::gentoo
[installed]) (dependency required by dev-vcs/git-2.3.6::gentoo[gpg]
[installed]) (dependency required by
app-portage/layman-2.0.0
entoo
[2020d::gentoo] USE="nls -leaps-timezone -zic-slim" 659 KiB
[ebuild U ] app-eselect/eselect-pinentry-0.7.1::gentoo
[0.7::gentoo] 0 KiB
[ebuild U ] virtual/perl-Data-Dumper-2.174.0-r2::gentoo
[2.174.0-r1::gentoo] 0 KiB
[ebuild NS] sys-ker
--- a/zz_autoconfigure
+++ b/._cfg_zz_autoconfigure
@@ -272,3 +272,7 @@ media-libs/gegl cairo
# required by @selected
# required by @world (argument)
>=app-crypt/pinentry-1.1.1 gnome-keyring
+# required by media-video/cheese-3.34.0-r1::gentoo
+# required by @selected
. That brought in the
qt-4.4.2.
Tho investigate further:
equery d x11-libs/qt
[ Searching for packages depending on x11-libs/qt... ]
app-crypt/pinentry-0.7.5 (qt3? x11-libs/qt:3)
app-text/poppler-bindings-0.8.7 (qt3? =x11-libs/qt-3.3:3
-admin/gkrellm-2.3.5-r2 (X ? x11-libs/gtk+:2)
app-admin/hardinfo-0.5.2_pre20130823 (x11-libs/gtk+:2)
app-crypt/pinentry-0.8.2 (gtk ? x11-libs/gtk+:2)
app-editors/bluefish-2.2.2 (x11-libs/gtk+:3)
app-office/libreoffice-4.1.2.3 (gtk ? =x11-libs/gtk+-2.24:2)
(gtk3 ? =x11
API calls that try
to intercept this sort of data will fail (I don't know the gory
details).
2. Some applications are hardened against these attacks by taking
exclusive access of input (similar to a modal dialog):
a. The X11 implementations of app-crypt/pinentry grab exclusive
input access whe
are hardened against these attacks by taking
exclusive access of input (similar to a modal dialog):
a. The X11 implementations of app-crypt/pinentry grab exclusive
input access when they run. This is why you should ALWAYS use the X11
version of these programs for ssh/gpg agent passphrase entry
1 - 100 of 146 matches
Mail list logo