Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


lgellert at gmail

Jun 3, 2012, 7:46 AM

Post #1 of 10 (1244 views)
Permalink
GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?

Had a little adventure this morning with GnuPG 2.x on Windows 7 and decided
to revert to 1.4.

During command line decryption, pinentry opens a popup window for the
passphrase. In the pinentry window, paste (Ctl+V) is not supported. Deal
breaker. I read through the forums and could not find a way around this.

Here are some suggestions:
a) Put the 1.4 Windows binary installer on the download page again.
b) Allow pinentry to accept a paste command.
or, allow gpg 2.x to bypass pinentry and work in 1.4 mode (and make it
obvious how to do so).

Love the simplicity and speed of gpg 1.4. If 2.1 can work in the same way,
that would be much appreciated. It is not fun being stuck on the old
version and left out of all the fun of 2.1!

By the way, the download gpg4win-vanilla-2.1.1-34299-beta.exe failed to
launch, with this message: "Installer integrity check has failed". The
download of gpg4win-light-2.1.1-34299-beta.exe did work.

Thanks,
Laurence


mailinglisten at hauke-laging

Jun 3, 2012, 9:19 AM

Post #2 of 10 (1204 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

Am So 03.06.2012, 07:46:41 schrieb L G:

> During command line decryption, pinentry opens a popup window for the
> passphrase. In the pinentry window, paste (Ctl+V) is not supported. Deal
> breaker. I read through the forums and could not find a way around this.

man gpg-agent
--no-grab


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Attachments: signature.asc (0.54 KB)


kf at sumptuouscapital

Jun 3, 2012, 10:12 AM

Post #3 of 10 (1205 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-06-03 18:19, Hauke Laging wrote:
> Am So 03.06.2012, 07:46:41 schrieb L G:
>
>> During command line decryption, pinentry opens a popup window for
>> the passphrase. In the pinentry window, paste (Ctl+V) is not
>> supported. Deal breaker. I read through the forums and could not
>> find a way around this.
>
> man gpg-agent --no-grab
>

That will only prevent pinentry from grabbing the focus. You'd
probably want to add "pinentry-program /usr/bin/pinentry-curses" to
the config file as well (obviously changing the path to the
appropriate directory), iirc pasting is disabled in the GUI varieties
shipped in the main trunk, so these will require some patching to
allow pasting of passwords (e.g. with password managers).

An alternative could be to check out --passphrase-fd in man gpg.


- --
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurim leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPy5rrAAoJEBbgz41rC5UITikP/itI5yIJKiR4tGazxbvN4KfG
qL+qjhmWsC4SScdvdoSoEG/1o/7kVcM8TqvlUtqKTtH/ah7yOCUIknghR9xFDd4I
QcuJpusMjW1CQCEKVVWnCzVDP7nFJ3s7jY7nzLKNH1FB71KXU1eQ/8dznXXA8Hxy
IRtZGteDu485yzDB894ytFIxXp0VOZRX3lcJRghOOfrm6pDTBWXnKNdGyPN5eeKT
L6cY0nrC7inYDW1TCc7WY6rhJtajLEhoqhBCDeRMeovXZ0/Qyk6hXQF0hWp+jWxR
hNYMRJD+Zx5xPFvHcCnC4s+LHW2vMJPrAm1Sc4tnpvyuBdDEBkJPa5x1iQdU2qVo
n7V6Rupy0vOtVZG5WsW5bFndJjpKBIlNHJZrDFM8ZC/Qz27WKL5pu47pJ3gnXnG7
v4BOaEL+8r/PubtUsGXy1GimW4GkZU+mDmqDilxgRgdoM4pGLTn/rz+FArDR3z2E
DiBh4/YWfF/UVVL3F8SY/I5WK+gKBtHo6isoe8yV17MwcTEpsF9yUarf4kFk+uH2
IcF3n1WaFVwAKqjlpCGOc45tpWwTia7DXUgfPOUrByu6xibENrhEAEHpKCeXAE2O
B+nDtM1At2eZgqWEDtoPmPP0ZzYsw2GgnUBkf5CUH7FTHxyYJRM82m1/A56l0Gil
s/mMTvavTwBLSNsiVBiw
=cK9P
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Jun 3, 2012, 1:07 PM

Post #4 of 10 (1190 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

On 6/3/2012 10:46 AM, L G wrote:
> During command line decryption, pinentry opens a popup window for the
> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
> Deal breaker.

Storing your passphrase in the clipboard is generally considered unwise
and harmful. Your passphrase is a high-value secret: putting it on the
clipboard makes it visible to every other process on your system
(including malware!).

Pinentry's refusal to support C&P is not accidental or an oversight.
It's a deliberate design decision meant to help shield you from malware,
Trojans, and other skulduggery that people may use to discover your
passphrase.

It's fairly easy to hack the source to support C&P. However, the last
it was asked about on this list the answer was "C&P will not be
supported and patches to enable C&P will not be accepted."

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


lgellert at gmail

Jun 3, 2012, 3:31 PM

Post #5 of 10 (1195 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

> Storing your passphrase in the clipboard is generally considered unwise
> and harmful. Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).

I understand the risk, and your point is valid. However, if a machine is
infected with malware, then keystrokes can also be captured, screen shots,
packets, pretty much everything going on. Considering the low risk nature
of the data this particular key addresses, I'm am comfortable with C&P.
There are other cases where I don't use C&P on purpose.

> Pinentry's refusal to support C&P is not accidental or an oversight.
> It's a deliberate design decision meant to help shield you from malware,
> Trojans, and other skulduggery that people may use to discover your
> passphrase.

I would recommend that users be allowed to decide (via config or command
line option), and provide a sensible default such as the current behavior.

Laurence


yyy at yyy

Jun 3, 2012, 8:50 PM

Post #6 of 10 (1196 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

On 2012.06.03. 23:07, Robert J. Hansen wrote:
> On 6/3/2012 10:46 AM, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker.
> Storing your passphrase in the clipboard is generally considered unwise
> and harmful. Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).
So, if one is incapable of remembering strong passwords (passphrses),
this forces them to use either useless passphrase (breakable in less
than 5 min using dictionary) or use no passphrase at all.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


rjh at sixdemonbag

Jun 3, 2012, 10:05 PM

Post #7 of 10 (1201 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

On 06/03/2012 11:50 PM, yyy wrote:
> So, if one is incapable of remembering strong passwords (passphrses),
> this forces them to use either useless passphrase (breakable in less
> than 5 min using dictionary) or use no passphrase at all.

If your passphrase is stored on a file on your computer, then you may as
well have no passphrase at all, yes.

The only safe place for your passphrase is your memory, and even that
one is fairly easy to crack. A top-flight hooker costs $5,000 an hour
(according to Eliot Spitzer), a great bottle of Scotch costs $250
(Glenmorangie Signet), and between the two you have a fairly
cost-effective way to recover a passphrase.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


peter at digitalbrains

Jun 4, 2012, 1:13 AM

Post #8 of 10 (1196 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

On 04/06/12 05:50, yyy wrote:
> So, if one is incapable of remembering strong passwords (passphrses),
> this forces them to use either useless passphrase (breakable in less
> than 5 min using dictionary) or use no passphrase at all.

Or use a smart card.

BTW, with regard to remembering passphrases, the comic that has been mentioned
more often here:

http://xkcd.com/936/

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


mika.henrik.mainio at hotmail

Jun 4, 2012, 2:22 AM

Post #9 of 10 (1199 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03.06.2012 19:19, Hauke Laging wrote:
> Am So 03.06.2012, 07:46:41 schrieb L G:
>
>> During command line decryption, pinentry opens a popup window for
>> the passphrase. In the pinentry window, paste (Ctl+V) is not
>> supported. Deal breaker. I read through the forums and could not
>> find a way around this.
>
> man gpg-agent --no-grab
>
>
> Hauke

Has Windows finally got "man"? :)

- --
[Mika Suomalainen](https://mkaysi.github.com/) ||
[gpg --keyserver pool.sks-keyservers.net --recv-keys
4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) ||
[Why do I sign my
emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) ||
[Please don't send
HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) ||
[Please don't
toppost](http://mkaysi.github.com/articles/complaining/topposting.html) ||

[This signature](https://gist.github.com/2643070) ||
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Homepage: http://mkaysi.github.com/
Comment: gpg --keyserver pool.sks-keyservers.net 82A46728
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPzH5vAAoJEE21PP6CpGcoztUQALCJHhYy32ezQ50rUZIPjocY
6qnQcNtVocT3hU2r4r01tNQ0KAv9/Swj0MqDo10t4imU9v7lBfVKrKPGCtSS8DCX
/N51CdGNwi27PMMK+F7sAPXbRhLSetwSOju1uLr4KhoF3iA87FGVfzQ9xJ49I+9n
gGs2AJtptysIvkZGy2GMVlz68mvM+MYB3U067sToxjW0kOoV29eNWN+7wFUM1JZn
Jz9/on4+38kTx+h/t4ZebeExjxwZV0Fv6WcKMvhW8+uA1x3k4NJYmeKpducBCOYV
y/AKt9WlFmTuxoBBF9M+sYNvKaiXeU6MKReFYLp5kSocEjoMDS/nxUzPQrWZgotP
oQtAT8TPxtw6SYq8Gy3H3X5Bn0+EyfMj+OpnSqAzkyDafBQlXARfxjAU7UdRYfa0
GSXSWrKr9UzWqD78U4dAU+9cemj0WvM7hkPfQuGs2UIvxMS90FjGcIhphs0vw3KD
5jHZg6u/5ggu6X8BhITABYqdFO14FSzbaAViHuP8Vw00rKQGMZBdF/OKEog7xQnd
fQZVY6HOMZ4c7CjSV7lu9DrRcPF7hBcby4UUmOMsTo9FjxpULkKepsp1SzhNDRWb
GsEQp3+gWgTw4Q6Xp3kuzjXazq8K4FORFqF3Cl4rK2Xff6Hkt96cUEQ7ckS7ZrSD
iEnlrXu2Lfw0OAbevf5c
=/4/8
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


jerry at seibercom

Jun 4, 2012, 3:56 AM

Post #10 of 10 (1191 views)
Permalink
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass? [In reply to]

On Sun, 03 Jun 2012 16:07:38 -0400
Robert J. Hansen articulated:

>On 6/3/2012 10:46 AM, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker.
>
>Storing your passphrase in the clipboard is generally considered unwise
>and harmful. Your passphrase is a high-value secret: putting it on the
>clipboard makes it visible to every other process on your system
>(including malware!).
>
>Pinentry's refusal to support C&P is not accidental or an oversight.
>It's a deliberate design decision meant to help shield you from
>malware, Trojans, and other skulduggery that people may use to
>discover your passphrase.
>
>It's fairly easy to hack the source to support C&P. However, the last
>it was asked about on this list the answer was "C&P will not be
>supported and patches to enable C&P will not be accepted."

I believe that ClipCache Pro <http://www.xrayz.co.uk/> can capture the
passwords. It has been a long time since I had PGP on a Window's
machine; however, I thought I use to do it with this utility.

By the way, ClipCache Pro is the best text capture program I have ever
used. I wish I could find something similar for *nix.

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.