El dissabte, 10 de setembre de 2022, a les 5:00:26 (CEST), Ron Murray va escriure: > I'm working on a project using Qt5, GPG and QCA2, the latter because > it can encrypt and decrypt PGP messages. This, of course, involves > using the qca-gnupg plugin. > > Encryption went fine (there's no need to sign anything (at the > moment, anyway)). Decryption, however, presented a problem: How to get > the password into gpg? I tried following the one example that I could > find (eventhandlerdemo.cpp), but I could never get the PasswordAsker > to, you know, actually ask for a password.
Works fine here [1], i do ./bin/qcatool-qt5 message encrypt pgp P:df11 being df11 the short descriptor [2] of my key that has a passphrase, enter some text on the command line and press Ctrl+D and then run ./bin/qcatool-qt5 message decrypt pgp paste the text on the command line that the encrypt process entered, press Ctrl+D and feed it that and it ends up in the PassphrasePrompt class code asking my passphrase on the command line. Cheers, Albert [1] Well, it needs a fix in the qcatool code, but that's "irrelevant", the library code is fine. https://invent.kde.org/libraries/qca/-/merge_requests/89/diffs [2] you can use qcatool-qt5 keystore list-stores and qcatool-qt5 keystore list ID_OF_THE_GPG_KEYRING to try to find your short id if needed > I did discover, however, > that if I first used gpg to decrypt something (and supplying my > password to the agent in the process), that my program would > successfully decrypt things until the agent timed out (i.e. ten minutes > or so). > > I began to think that the problem lay in the qca2 library. I went > through the source code and did a bit of tracing, and I found that QCA > always supplies "--pinentry-mode loopback" on the gpg command line. > This will never invoke the pinentry dialog, because that mode forces > gpg to ask for a password on the command line, which, apart from being > useless in a GUI application, won't work anyway because QCA also > supplies "--no-tty" on the command line, and that suppresses console > output. > > I managed to modify the qca-gnupg plugin code to replace "-- > pinentry-mode loopback" with "--pinentry-mode default" when it's > decrypting or signing a message, built the libraries, installed it, and > now I get a proper pinentry dialog when I want to decrypt a message. > > So, the questions that I have are these: > > 1. I don't think that QCA, on its own, has any way to supply a password > to gpg or gpg-agent (apart, I suppose, by supplying it on the command > line, and nobody wants that), and anyway it's not implemented. But have > I missed something? Has anyone got QCA to decrypt files with GPG > lately? > > 2. Would this patch be useful for others? Note that it only affects the > qca-gnupg plugin: the rest of QCA is untouched. > > I'm using the current QCA version on Debian testing (2.3.4-1+b1).