Re: [Enigmail] pinentry, keepass2 Enigmail on Debian Jessie
On 05/04/2015 01:57 AM, David wrote: On 5/3/2015 3:30 PM, Jérôme Pinguet wrote: Hi! Good news for user friendly security! I just tested Enigmail 1.8.2, Thunderbird (Icedove) 31.6.0, pinentry-gtk-2 and KeePass 2.28 (the author's last version, not the Debian Jessie version, but both are 2.28 so I guess it will work as well with Debian version) and it seems to work very well and quickly (whereas on Debian Wheezy, it typed passphrases excruciatingly slowly and pinentry responded that the password was wrong 2 tries out of 3 on average, sometimes worse). Let me know if it works for you. I guess it comes from mono (2.10.8 - 3.2.8) upgrade. Cheers. jerome Good for you Linux users and for you Jerome. :-) Sad to say that the powers that be still do not provide that to those of us that use Windows. Sadly Big Brother still lives today. :-( KeePass2 supports all Windows versions: http://keepass.info/download.html And you are free to install a GNU/Linux distribution on your computer and get rid of Windows. Don't be sad! :-) -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird Enigmail. signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] pinentry, keepass2 Enigmail on Debian Jessie
Hi! Good news for user friendly security! I just tested Enigmail 1.8.2, Thunderbird (Icedove) 31.6.0, pinentry-gtk-2 and KeePass 2.28 (the author's last version, not the Debian Jessie version, but both are 2.28 so I guess it will work as well with Debian version) and it seems to work very well and quickly (whereas on Debian Wheezy, it typed passphrases excruciatingly slowly and pinentry responded that the password was wrong 2 tries out of 3 on average, sometimes worse). Let me know if it works for you. I guess it comes from mono (2.10.8 - 3.2.8) upgrade. Cheers. jerome -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird Enigmail. signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Paste passphrase from clipboard into pinentry dialogbox
On 03/28/2015 08:30 PM, Daniel Kahn Gillmor wrote: [so much for following up on gpg-devel; i'm replying to enigmail because that's where this message went, even though i don't understand the reason to keep this non-enigmail discussion here] On Sat 2015-03-28 15:09:15 -0400, Doug Barton wrote: Finally, someone else already posted the right answer, a tool like Keepass can auto-type the password, bypassing the clipboard. It's also thought to be safe against key loggers, although there is some dispute on that topic. I quite like the Keepass approach. But it's not clear to me that this will work, at least for the versions of pinentry i've seen that grab the input devices (i'm seeing this on X11, at any rate). In this case, I don't think there is a way to trigger keepass to get it to type into the pinentry dialog. What platforms as this approach been tested on? Debian Stable, KeePass2, pinentry-gtk-2 and pinentry-qt4 both work, and are both a bit slow (it might take up to 30 seconds !!! for the pinentry dialog to be accepted, but my password is not insanely long, it's in the 20-40 chars range). I tested it with both GnuPG 1.4.x and 2.0.x In fact I use this on a daily basis combined with Enigmail. Sometimes, for reasons beyond my grasp, pinentry complains of a wrong password. When it happens, i restart keepass2 and then it works again. KeePass2 comes with tons of Mono packages and it's a bit sluggish, but I haven't found anything as reliable yet in the limited offer of Debian packaged free software password managers. If the KeePass2-pinentry process was faster, it would be perfect. By the way Daniel, thanks for your GPG best practices page and more generally for your work related to GPG, Riseup and Debian! :-) I often refer to Riseup GPG Best practices during the cryptoparties I organize in Marseille. Here is the link: https://help.riseup.net/en/security/message-security/openpgp/best-practices Jérôme -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird Enigmail. signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Paste passphrase from clipboard into pinentry dialogbox
On 03/25/2015 10:40 PM, Andre Lahmann wrote: Hello, since upgrading to Enigmail 1.8.x it's not possible anymore to paste the passphrase into the pinentry dialogbox. I'm running Xubuntu 12.04 and neither ctrl+v nor mouse buffer is working (as I am managing my passphrases with keepass I also tried autotype without success). Is this a bug or a feature?!? Best, André Hi! You could use keepass2 to type your password for you. In my experience it's a bit slow if you have a very long password. The trick is to increase default-cache-ttl in ~/.gnupg/gpg-agent.conf to improve usability. Change default auto-type to {Password}{ENTER}, entering the name of the target window helps (pinentry-gtk-2 or pinentry-qt4 for Debian Stable). This method is not perfect: some malware could record virtual keystrokes from keepass2. There is a Two-channel auto-type obfuscation feature supposed to increase security but it doesn't work with pinentry-gtk-2 or pinentry-qt4 AFAIK... If anybody knows how to increase speed of keepas2 -- pinentry communication or how to enable two-channel auto-type obfuscation, let me know. Enigmail 1.8.0 was terrible but 1.8.1 works very well on Debian Stable with regular Icevode version. Thanks for the good work! :-) Thanks. -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird Enigmail. Please do the same or use my secure contact form: https://jerome.cc/gpg signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net