Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 04/06/12 05:50, yyy wrote:
> So, if one is incapable of remembering strong passwords (passphrases),
> this forces them to use either useless passphrase (breakable in less
> than 5 min using dictionary) or use no passphrase at all.

Or use a smart card.

BTW, with regard to remembering passphrases, the comic that has been mentioned more often here: http://xkcd.com/936/

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 03.06.2012 19:19, Hauke Laging wrote:
> On Sun 03.06.2012, 07:46:41, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker. I read through the forums and could not find a way
>> around this.
>
> man gpg-agent --no-grab
>
> Hauke

Has Windows finally got man? :)

--
[Mika Suomalainen](https://mkaysi.github.com/) || [gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728](http://mkaysi.github.com/PGP/key.txt) || [Why do I sign my emails?](http://mkaysi.github.com/PGP/WhyDoISignEmails.html) || [Please don't send HTML.](http://mkaysi.github.com/articles/complaining/HTML.html) || [Please don't toppost](http://mkaysi.github.com/articles/complaining/topposting.html) || [This signature](https://gist.github.com/2643070) ||

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On Sun, 03 Jun 2012 16:07:38 -0400 Robert J. Hansen articulated:
> On 6/3/2012 10:46 AM, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker.
>
> Storing your passphrase in the clipboard is generally considered unwise
> and harmful. Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).
>
> Pinentry's refusal to support CP is not accidental or an oversight.
> It's a deliberate design decision meant to help shield you from
> malware, Trojans, and other skulduggery that people may use to discover
> your passphrase.
>
> It's fairly easy to hack the source to support CP. However, the last it
> was asked about on this list the answer was CP will not be supported
> and patches to enable CP will not be accepted.

I believe that ClipCache Pro http://www.xrayz.co.uk/ can capture the passwords. It has been a long time since I had PGP on a Windows machine; however, I thought I used to do it with this utility.

By the way, ClipCache Pro is the best text capture program I have ever used. I wish I could find something similar for *nix.

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
Had a little adventure this morning with GnuPG 2.x on Windows 7 and decided to revert to 1.4.

During command line decryption, pinentry opens a popup window for the passphrase. In the pinentry window, paste (Ctl+V) is not supported. Deal breaker. I read through the forums and could not find a way around this.

Here are some suggestions:

a) Put the 1.4 Windows binary installer on the download page again.

b) Allow pinentry to accept a paste command.

or, allow gpg 2.x to bypass pinentry and work in 1.4 mode (and make it obvious how to do so).

Love the simplicity and speed of gpg 1.4. If 2.1 can work in the same way, that would be much appreciated. It is not fun being stuck on the old version and left out of all the fun of 2.1!

By the way, the download gpg4win-vanilla-2.1.1-34299-beta.exe failed to launch, with this message: Installer integrity check has failed. The download of gpg4win-light-2.1.1-34299-beta.exe did work.

Thanks,
Laurence

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On Sun 03.06.2012, 07:46:41, L G wrote:
> During command line decryption, pinentry opens a popup window for the
> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
> Deal breaker. I read through the forums and could not find a way
> around this.

man gpg-agent --no-grab

Hauke

--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 2012-06-03 18:19, Hauke Laging wrote:
> On Sun 03.06.2012, 07:46:41, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker. I read through the forums and could not find a way
>> around this.
>
> man gpg-agent --no-grab

That will only prevent pinentry from grabbing the focus. You'd probably want to add pinentry-program /usr/bin/pinentry-curses to the config file as well (obviously changing the path to the appropriate directory), iirc pasting is disabled in the GUI varieties shipped in the main trunk, so these will require some patching to allow pasting of passwords (e.g. with password managers).

An alternative could be to check out --passphrase-fd in man gpg.

--
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk

Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws

This email was digitally signed using the OpenPGP standard. If you want to read more about this, the book "Sending Emails - The Safe Way: An introduction to OpenPGP security" is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/

Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

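The --passphrase-fd route mentioned in the message above, sketched as an added example that is not part of the thread or of GnuPG itself. It prompts on the terminal and hands the passphrase to gpg over stdin, so the secret never touches the clipboard or the command line. The function names and file names are assumptions; `--pinentry-mode loopback` applies to GnuPG 2.1 and later.

```python
import getpass
import subprocess
import sys


def build_gpg_argv(ciphertext, output, loopback=True, gpg="gpg"):
    """Build the argv for a decryption that reads the passphrase from fd 0."""
    # --passphrase-fd is only honoured in batch mode.
    argv = [gpg, "--batch", "--passphrase-fd", "0"]
    if loopback:
        # GnuPG 2.1+ sends passphrase requests to gpg-agent/pinentry;
        # loopback mode routes them back to gpg so the fd is used instead.
        argv += ["--pinentry-mode", "loopback"]
    # stdin carries the passphrase, so the ciphertext must be a file.
    argv += ["--output", output, "--decrypt", ciphertext]
    return argv


def passphrase_bytes(passphrase):
    """Encode the passphrase as the single line gpg reads from the fd."""
    if "\n" in passphrase or "\r" in passphrase:
        # gpg only reads the first line; anything after it would be lost.
        raise ValueError("passphrase must not contain line breaks")
    return passphrase.encode("utf-8") + b"\n"


def decrypt(ciphertext, output, passphrase, loopback=True, gpg="gpg"):
    """Run gpg, feeding the passphrase through a pipe on stdin."""
    proc = subprocess.run(
        build_gpg_argv(ciphertext, output, loopback, gpg),
        input=passphrase_bytes(passphrase),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
    )
    return proc.returncode, proc.stderr.decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Usage: script.py <ciphertext file> <output file>
    rc, err = decrypt(sys.argv[1], sys.argv[2], getpass.getpass("Passphrase: "))
    if rc != 0:
        sys.stderr.write(err)
    sys.exit(rc)
```

The passphrase is absent from the argument list, so it does not show up in process listings; it still lives in this process's memory while the script runs.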
Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 6/3/2012 10:46 AM, L G wrote:
> During command line decryption, pinentry opens a popup window for the
> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
> Deal breaker.

Storing your passphrase in the clipboard is generally considered unwise and harmful. Your passphrase is a high-value secret: putting it on the clipboard makes it visible to every other process on your system (including malware!).

Pinentry's refusal to support CP is not accidental or an oversight. It's a deliberate design decision meant to help shield you from malware, Trojans, and other skulduggery that people may use to discover your passphrase.

It's fairly easy to hack the source to support CP. However, the last it was asked about on this list the answer was CP will not be supported and patches to enable CP will not be accepted.

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
> Storing your passphrase in the clipboard is generally considered unwise
> and harmful. Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).

I understand the risk, and your point is valid. However, if a machine is infected with malware, then keystrokes can also be captured, screen shots, packets, pretty much everything going on. Considering the low risk nature of the data this particular key addresses, I am comfortable with CP. There are other cases where I don't use CP on purpose.

> Pinentry's refusal to support CP is not accidental or an oversight.
> It's a deliberate design decision meant to help shield you from
> malware, Trojans, and other skulduggery that people may use to discover
> your passphrase.

I would recommend that users be allowed to decide (via config or command line option), and provide a sensible default such as the current behavior.

Laurence

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 2012.06.03. 23:07, Robert J. Hansen wrote:
> On 6/3/2012 10:46 AM, L G wrote:
>> During command line decryption, pinentry opens a popup window for the
>> passphrase. In the pinentry window, paste (Ctl+V) is not supported.
>> Deal breaker.
>
> Storing your passphrase in the clipboard is generally considered unwise
> and harmful. Your passphrase is a high-value secret: putting it on the
> clipboard makes it visible to every other process on your system
> (including malware!).

So, if one is incapable of remembering strong passwords (passphrases), this forces them to use either useless passphrase (breakable in less than 5 min using dictionary) or use no passphrase at all.

Re: GnuPG 2.1 Windows 7, pinentry does not allow paste, no way to bypass?
On 06/03/2012 11:50 PM, yyy wrote:
> So, if one is incapable of remembering strong passwords (passphrases),
> this forces them to use either useless passphrase (breakable in less
> than 5 min using dictionary) or use no passphrase at all.

If your passphrase is stored on a file on your computer, then you may as well have no passphrase at all, yes.

The only safe place for your passphrase is your memory, and even that one is fairly easy to crack. A top-flight hooker costs $5,000 an hour (according to Eliot Spitzer), a great bottle of Scotch costs $250 (Glenmorangie Signet), and between the two you have a fairly cost-effective way to recover a passphrase.