Good afternoon :D

When running fwknop with gpg options I am asked twice for the 
passphrase. The first time appears to be fwknop itself with the prompt, 
"Enter passphrase for signing:", and the next time appears to be 
pinentry. Is this expected behavior or should fwknop somehow slip 
pinentry the passphrase? Forgive the following verbosity if it's 
unnecessary ;-)


Here is the cmd I used:

$ fwknop -A "tcp/22" --gpg-recipient-key A722C2C6 --gpg-signer-key D0A83360 -s -D myserver.com


If I use another terminal to look at a process listing, here are some 
things that I see:

$ ps auxw --forest | grep -A5 [g]pg
<snip>
moondog  14197  0.0  0.4   3436  1416 pts/3    SL+  15:12   0:00 gpg 
--enable-special-filenames --no-sk-comment --status-fd 4 --no-tty 
--charset utf8 --enable-progress-filter --ttyname /dev/pts/3 --ttytype 
screen.linux --command-fd 5 --encrypt --sign --always-trust -r 
56FF16D3D185E32B6B7F651942D2496DA722C2C6 -u E480D0A3D0A83360 --output - 
-- -&9
moondog  14199  0.0  0.3   2532   972 pts/3    SL+  15:12   0:00  \_ 
gpg-agent --server
moondog  14200  0.0  0.3   2044   884 pts/3    SL+  15:12   0:00      \_ 
pinentry
</snip>


According to strace and lsof, pinentry is waiting to read on file handle 3:

$ strace -fp 14200
Process 14200 attached - interrupt to quit
read(3, ^C <unfinished ...>
Process 14200 detached
$ lsof -p 14200 | awk '$4 ~ /3/ {print $0}'
pinentry 14200 moondog    3r   CHR  136,3      0t0       6 /dev/pts/3


Strace says that gpg-agent is performing a select; however, I don't see a 
file descriptor in lsof:

$ strace -fp 14199
Process 14199 attached - interrupt to quit
select(8, [3 7], [], [], NULL^C <unfinished ...>
Process 14199 detached
$ lsof -p 14199 | awk '$4 ~/8/ {print $0}'
$


Strace says that gpg is trying to read from file handle 10 which appears 
to be a pipe:

$ strace -fp 14197
Process 14197 attached - interrupt to quit
read(10, ^C <unfinished ...>
Process 14197 detached
$ lsof -p 14197 | awk '$4 ~ /10/ {print $0}'
gpg     14197 moondog   10r  FIFO    0,6      0t0 4656092 pipe


-- Morgan
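
An added example, not part of the original post: two shell helpers for the strace/lsof cross-check done above. In `select()` the first argument is nfds (highest watched descriptor + 1) and the watched descriptors are the bracketed sets, and a pattern like `/3/` on the lsof FD column also matches 13 or 30. The function names `blocked_fds` and `match_fd` are hypothetical; the sample lines in the usage comment are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post).

# blocked_fds LINE
# Print the descriptor numbers a blocked syscall in a strace line waits on.
blocked_fds() {
    line=$1
    case $line in
        'select('*|'pselect6('*)
            # select(nfds, readfds, writefds, exceptfds, timeout): the first
            # argument is nfds (highest watched fd + 1), not a descriptor.
            # The watched descriptors are inside the bracketed sets.
            fds=$(printf '%s\n' "$line" | grep -o '\[[0-9 ]*\]' | tr -d '[]')
            ;;
        'read('*|'write('*)
            # read/write take the descriptor as their first argument.
            fds=$(printf '%s\n' "$line" | sed -n 's/^[a-z]*(\([0-9][0-9]*\).*/\1/p')
            ;;
        *)
            fds=
            ;;
    esac
    # Unquoted on purpose: collapses newlines and repeated blanks.
    echo $fds
}

# match_fd FD
# Filter lsof output on stdin to rows whose FD column is exactly FD plus
# its mode/lock letters ("3r", "3u"), so that 3 does not also match 13 or 30.
match_fd() {
    awk -v fd="$1" '$4 ~ ("^" fd "[^0-9]*$")'
}

# Usage against a live process (pid and strace line as in the post):
#   for fd in $(blocked_fds 'select(8, [3 7], [], [], NULL'); do
#       lsof -p 14199 | match_fd "$fd"
#   done
```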

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
