On Apr 26, 2012, Morgan Smith wrote:

> Good afternoon :D
> 
> When running fwknop with gpg options I am asked twice for the 
> passphrase. The first time appears to be fwknop itself with the prompt, 
> "Enter passphrase for signing:", and the next time appears to be 
> pinentry. Is this expected behavior or should fwknop somehow slip 
> pinentry the passphrase? Forgive the following verbosity if it's 
> unnecessary ;-)

Hmm, I wonder if there is a way to disable the pinentry thing?  Do you
require it?  Or, perhaps there is a batch argument that fwknop should set
in libgpgme - I will check.

--Mike


> Here is the cmd I used:
> 
> $ fwknop -A "tcp/22" --gpg-recipient-key A722C2C6 --gpg-signer-key 
> D0A83360 -s -D myserver.com
> 
> 
> If I use another terminal to look at a process listing, here are some 
> things that I see:
> 
> $ ps auxw --forest | grep -A5 [g]pg
> <snip>
> moondog  14197  0.0  0.4   3436  1416 pts/3    SL+  15:12   0:00 gpg 
> --enable-special-filenames --no-sk-comment --status-fd 4 --no-tty 
> --charset utf8 --enable-progress-filter --ttyname /dev/pts/3 --ttytype 
> screen.linux --command-fd 5 --encrypt --sign --always-trust -r 
> 56FF16D3D185E32B6B7F651942D2496DA722C2C6 -u E480D0A3D0A83360 --output - 
> -- -&9
> moondog  14199  0.0  0.3   2532   972 pts/3    SL+  15:12   0:00  \_ 
> gpg-agent --server
> moondog  14200  0.0  0.3   2044   884 pts/3    SL+  15:12   0:00      \_ 
> pinentry
> </snip>
> 
> 
> According to strace and lsof, pinentry is waiting to read on file handle 3:
> 
> $ strace -fp 14200
> Process 14200 attached - interrupt to quit
> read(3, ^C <unfinished ...>
> Process 14200 detached
> $ lsof -p 14200 | awk '$4 ~ /3/ {print $0}'
> pinentry 14200 moondog    3r   CHR  136,3      0t0       6 /dev/pts/3
> 
> 
> Strace says that gpg-agent is performing a select however I don't see a 
> file descriptor in lsof:
> 
> $ strace -fp 14199
> Process 14199 attached - interrupt to quit
> select(8, [3 7], [], [], NULL^C <unfinished ...>
> Process 14199 detached
> $ lsof -p 14199 | awk '$4 ~/8/ {print $0}'
> $
> 
> 
> Strace says that gpg is trying to read from file handle 10 which appears 
> to be a pipe:
> 
> $ strace -fp 14197
> Process 14197 attached - interrupt to quit
> read(10, ^C <unfinished ...>
> Process 14197 detached
> $ lsof -p 14197 | awk '$4 ~ /10/ {print $0}'
> gpg     14197 moondog   10r  FIFO    0,6      0t0 4656092 pipe
> 
> 
> -- Morgan
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
