On Sonntag, 11. September 2022 10:35:43 CEST Albert Astals Cid wrote: > El diumenge, 11 de setembre de 2022, a les 4:44:24 (CEST), Ron Murray va > > Since QCA invokes the gpg executable anyway, it makes more sense to > > just let gpg bring up a pinentry dialog. > > That's not QCA design, the design is that the application brings up its own > dialog if it needs it when it gets asked via the QCA::Event::Password > request.
Which is completely against the design goal of gpg2 to minimize the attack surface of code that deals with sensitive information like the private key data (done exclusively by gpg-agent) and passwords (done by gpg-agent in concert with pinentry). Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
