On Mon, 26 Nov 2018 09:48, patr...@enigmail.net said: > its focus. In other words, Enigmail does not ask you for your passphrase > - that's fully controlled by GnuPG.
Not really. For security reasons Windows has strict rules on which process can put itself into the focus. Enigmail needs to tell Pinentry, via gpg, that it may take the focus and request input. This is implemented by a callback mechanism all the way from Pinentry, via gpg-agent and gpg up to the calling process (Thunderbird here). In the case of Enigmail, it needs to call AllowSetForegroundWindow with the process handle of the just created gpg process. In turn, gpg detects the Pinentry launch and calls AllowSetForegroundWindow on the Process handle of the started Pinentry. Only then then Pinentry may display itself. Further, when calling AllowSetForegroundWindow the process must have its Window already in the foregorund. Sometimes other Windows get in the way and even a correct implemented AllowSetForegroundWindow chain will not work. As per Windows security architecture, the Pinentry will announce itself in the taskbar. I would recommend to increase the passphrase caching time so that the Pinentry dialog is not required too often. Usually there is not much security gain by always entering the passphrase: Any attacking malware will first install a keylogger and can thus grab the passphrase in any case. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpRBPe2zXO2X.pgp
Description: PGP signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
