On 03/28/2015 08:30 PM, Daniel Kahn Gillmor wrote: > [so much for following up on gpg-devel; i'm replying to enigmail because > that's where this message went, even though i don't understand the > reason to keep this non-enigmail discussion here] > > On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote: >> Finally, someone else already posted the right answer, a tool like >> Keepass can auto-type the password, bypassing the clipboard. It's also >> thought to be safe against key loggers, although there is some dispute >> on that topic. > I quite like the Keepass approach. > > But it's not clear to me that this will work, at least for the versions > of pinentry i've seen that grab the input devices (i'm seeing this on > X11, at any rate). In this case, I don't think there is a way to > trigger keepass to get it to type into the pinentry dialog. > > What platforms as this approach been tested on? Debian Stable, KeePass2, pinentry-gtk-2 and pinentry-qt4 both work, and are both a bit slow (it might take up to 30 seconds !!! for the pinentry dialog to be accepted, but my password is not insanely long, it's in the 20-40 chars range). I tested it with both GnuPG 1.4.x and 2.0.x
In fact I use this on a daily basis combined with Enigmail. Sometimes, for reasons beyond my grasp, pinentry complains of a wrong password. When it happens, i restart keepass2 and then it works again. KeePass2 comes with tons of Mono packages and it's a bit sluggish, but I haven't found anything as reliable yet in the limited offer of Debian packaged free software password managers. If the KeePass2-pinentry process was faster, it would be perfect. By the way Daniel, thanks for your GPG best practices page and more generally for your work related to GPG, Riseup and Debian! :-) I often refer to Riseup GPG Best practices during the cryptoparties I organize in Marseille. Here is the link: https://help.riseup.net/en/security/message-security/openpgp/best-practices Jérôme -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird & Enigmail.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
