Re: Passphrase window freezes my DE's panel - is this a bug?
First of all, you have created three threads about it. When you reply to an email, you need to actually reply to that mail. Just using the same subject does not make the email get into the thread (could you imagine the threads for emails titled "Bug"?).

I am replying to the original thread, and glossing over points mentioned over several threads.

> I don't know which of the many GPG packages throws up the passphrase window,
> to know to which package a bug
> report should be directed (if it is a bug). I might have thought
> pinentry[*], but it is NOT one of the upgraded packages.
> (I have pinentry-curses and pinentry-gnome3 (curiously, not pinentry-qt...),
> at versions 1.1.0-3+b1)
>
> My QtPass is at version 1.3.2-1, and pass is at 1.7.3-2.
> (My assumption is that QtPass is calling a GPG function that sometimes asks
> for the passphrase, or that QtPass calls
> a pass function that is calling a GPG function that sometimes asks for the
> passphrase.)

QtPass is a frontend for pass, which itself is a password manager based on gpg. So it's normal that a prompt for the underlying gpg key ends up appearing.

> It then asks for it again, either after a certain number of minutes,
> or after a certain number of password uses in QtPass.

You may play with the agent ttl options on ~/.gnupg/gpg.conf so that it doesn't request it so often
https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html#Agent-Options

> Is this a bug, or a (security?) feature?

It is a (somewhat annoying) feature.

    By grabbing the keyboard:
    a) it ensures that i don't accidentally type into another window when i think i'm typing in the prompter
    b) it keeps other X11 clients from sniffing the keyboard input
    -- dkg on Debian bug 930062

> I got tired of always having to bring up my file manager, and then opening
> the file containing the passphrase,
> and copy and pasting it into the passphrase field, each time GPG wanted the
> passphrase.

You shouldn't have the password for the password manager in a file alongside it.

> Secondly, I could write the passphrase down... I could write ALL my
> passwords down, and then I would not need a password manager!
> Not very practical.

There is ONE passphrase you cannot keep stored in the password manager. That's the one that gives you access to the password manager itself.† You are having issues with that one passphrase. Writing down all your passwords as you propose would be equivalent to using your password manager with no password manager password (it may not be a good idea, but you *could* do that).

> Thirdly, the password manager itself copies passwords to the
> clipboard, to be pasted into input fields.
> If using the clipboard is unsafe, then GPG would disallow its use in
> password managers as well, would it not?

It's not that the clipboard is unsafe.‡ The problem with your flow is that you are copying the master password from an unsafe place. The reason for the master password is that, should anyone steal your files (either physically or remotely), they would not be able to get to the secrets stored on your password manager.

Passwords should be either directly typed or copied from a password manager. If you copy that password from another file, the file from which you are copying it is the insecure part, not that you move it from that file through the clipboard. It would be the same issue if you had the text file open in the background and you typed it from there.

Be careful what you wish for, btw. Some pinentries *do* block pasting from the clipboard. I had to type a gpg password that I had available on the password manager, when the system launched the wrong™ pinentry. ☹

> If one is supposed to have long, complicated,
> difficult-to-remember-and-type passwords (which one cannot even
> see when they are being entered!), then one HAS to use a clipboard to
> get them from where they are stored into where they are needed,
> and the passphrase is supposed to be even longer (since it unlocks
> access to all the others).

Above you were arguing for writing down all your passwords in plain text, now you say they need to be very difficult-to-remember-and-type passwords.

Also, you have a few misconceptions:

> long, complicated, difficult-to-remember-and-type passwords

Passwords don't need to be “complicated to type”. The classic example would be 'Tr0ub4dor&3' vs 'correct horse battery staple' from https://xkcd.com/936/

The goal isn't that they are difficult to remember either. If I needed to set one, I would state it as ‘use a unique, random password for each realm’. Here 'random' just means «unpredictable». You could take your passwords from the telephone book. What you shall not use is the phone number of your Granny, since it'd be predictable that you used a number you already knew, such as the one of a family member. Learning by heart a telephone number of a stranger you got by randomly opening it would work. ⁂ And memorizing it
Re: Passphrase window freezes my DE's panel - is this a bug?
> On 27 Apr 2020, at 01:15, Scott C Jacobs via Gnupg-users wrote:
>
> the passphrase window allows
> nothing to happen until I enter the passphrase and click OK or click on
> cancel.

This is definitely not pinentry then. It’s most likely a unified desktop passphrase manager such as gnome-keyring.

A

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Passphrase window freezes my DE's panel - is this a bug?
> If using the clipboard is unsafe, then GPG would disallow its use in
> password managers as well, would it not?

How would it do so?

> If one is supposed to have long, complicated,
> difficult-to-remember-and-type passwords (which one cannot even see
> when they are being entered!), then one HAS to use a clipboard to get
> them from where they are stored into where they are needed,

Nonsense.

A prior job literally *required* that I not only use completely random passwords, but 128 bits of them, and completely change them every six months, for four different networks. It was incredibly annoying but possible.

If I can remember "ZECY17pJQo9PoeVqJ4S/lA==" and three others like it, and change them twice a year, then it's simply untrue that "one HAS to use a clipboard to get them from where they are stored into where they are needed". Convenient, absolutely. Good UI design, also. But not *required*.

Further, I don't know who told you that your passphrase must be long, complicated, difficult to remember and difficult to type. The passphrase exists as a defense in the event someone's able to steal your private key: but if you think you've already defended against theft adequately, use a short passphrase or none at all. Like so many things, it all depends on your own risk model.

> Again - this disallowing of any input but that of the passphrase
> window is NEW. It did not happen until recently.

Perhaps I missed something, but did the GnuPG team write your pinentry? If not, they're really not in a good position to offer help.
Re: Passphrase window freezes my DE's panel - is this a bug?
On 20200426, Scott C Jacobs via Gnupg-users wrote:

The problem is, that even if I have a terminal window open into which I wanted to type xwininfo and xprop, once the passphrase window appears, I cannot use the terminal or anything else - the passphrase window allows nothing to happen until I enter the passphrase and click OK or click on cancel. Then I could use the terminal and type those commands, but the passphrase window I wished to query is gone after OK or cancel...

FWIW, when I plug in a USB encrypted backup drive, it has a popup passphrase window which also locks out all other windows. I show my passphrase and use CTRL-SHIFT-C to copy it before plugging in the drive, then use CTRL-SHIFT-V to paste it into the popup window.

I suppose this is not as secure as it should be, but it's good enough for me.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & wood chipper / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Re: Passphrase window freezes my DE's panel - is this a bug?
On 4/26/20 1:53 PM, Scott C Jacobs via Gnupg-users wrote:

The problem is, that even if I have a terminal window open into which I wanted to type xwininfo and xprop, once the passphrase window appears, I cannot use the terminal or anything else - the passphrase window allows nothing to happen until I enter the passphrase and click OK or click on cancel. Then I could use the terminal and type those commands, but the passphrase window I wished to query is gone after OK or cancel...

>This is by design I think. I'm pretty sure that it's been true since PGP if I
>recall correctly. The idea is to not allow other software to run that could
>peek at what you are typing. You might want to write your passphrase on a
>card to help you remember it. But you can't run anything else while it is
>being entered.

First of all, this did not happen until the other day - I have been using my "click on the launcher icon to copy the passphrase to the clipboard" system for months now, and it worked fine.

Secondly, I could write the passphrase down... I could write ALL my passwords down, and then I would not need a password manager! Not very practical.

Thirdly, the password manager itself copies passwords to the clipboard, to be pasted into input fields. If using the clipboard is unsafe, then GPG would disallow its use in password managers as well, would it not?

If one is supposed to have long, complicated, difficult-to-remember-and-type passwords (which one cannot even see when they are being entered!), then one HAS to use a clipboard to get them from where they are stored into where they are needed, and the passphrase is supposed to be even longer (since it unlocks access to all the others).

There has to be a way to access the passphrase when the passphrase-entry window magically appears (which, naturally, is when one is short of time!)

Again - this disallowing of any input but that of the passphrase window is NEW. It did not happen until recently.
Re: Passphrase window freezes my DE's panel - is this a bug?
>To find out what process is controlling a window, you could use xwininfo and
>xprop as described in this SO answer:
>https://unix.stackexchange.com/a/84981

The problem is, that even if I have a terminal window open into which I wanted to type xwininfo and xprop, once the passphrase window appears, I cannot use the terminal or anything else - the passphrase window allows nothing to happen until I enter the passphrase and click OK or click on cancel. Then I could use the terminal and type those commands, but the passphrase window I wished to query is gone after OK or cancel...
Re: Passphrase window freezes my DE's panel - is this a bug?
> On 26 Apr 2020, at 05:04, Scott C Jacobs via Gnupg-users wrote:
>
> I don't know which of the many GPG packages throws up the passphrase window,
> to know to which package a bug
> report should be directed (if it is a bug). I might have thought
> pinentry[*], but it is NOT one of the upgraded packages.
> (I have pinentry-curses and pinentry-gnome3 (curiously, not pinentry-qt...),
> at versions 1.1.0-3+b1)

To find out what process is controlling a window, you could use xwininfo and xprop as described in this SO answer:
https://unix.stackexchange.com/a/84981

A
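
The xwininfo/xprop approach suggested in the thread cannot be typed once the prompt holds the keyboard, so the capture has to be started beforehand. The following is an added example, not part of any message in the thread: it assumes the prompt grabs keyboard and pointer but not the whole X server, and the sample tree, the window title `Passphrase` and the class `Example-prompt` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): start this BEFORE triggering the prompt,
# so nothing has to be typed while the prompt holds the keyboard grab.

# Filter `xwininfo -root -tree` output (stdin): print "<window-id> <class>" for
# every window line matching the case-insensitive regex $1.
match_windows() {
    awk -v pat="$1" '
        $1 ~ /^0x[0-9a-fA-F]+$/ && tolower($0) ~ tolower(pat) {
            cls = "-"
            if (match($0, /\("[^"]*" "[^"]*"\)/)) {
                cls = substr($0, RSTART, RLENGTH)
                sub(/^\("[^"]*" "/, "", cls); sub(/"\)$/, "", cls)
            }
            print $1, cls
        }'
}

# Extract the PID from `xprop -id <id> _NET_WM_PID` output (stdin); prints
# nothing when the window does not set the property.
pid_from_xprop() {
    sed -n 's/^_NET_WM_PID(CARDINAL) = \([0-9][0-9]*\)$/\1/p'
}

# Sleep $1 seconds, then report the owning process of each window matching $2.
capture_prompt_owner() {
    sleep "$1"
    xwininfo -root -tree | match_windows "$2" | while read -r id cls; do
        pid=$(xprop -id "$id" _NET_WM_PID | pid_from_xprop)
        if [ -n "$pid" ]; then
            echo "$id class=$cls pid=$pid cmd=$(ps -o args= -p "$pid")"
        else
            echo "$id class=$cls pid=unknown (no _NET_WM_PID set)"
        fi
    done
}

# Constructed sample of `xwininfo -root -tree` output (names are hypothetical).
sample_tree() {
    cat <<'EOF'
  Root window id: 0x6b4 (the root window) (has no name)
     0x2e00003 "Terminal": ("xfce4-terminal" "Xfce4-terminal")  800x600+0+0  +0+0
     0x3c00007 "Passphrase": ("example-prompt" "Example-prompt")  420x180+750+450  +750+450
     0x1a00001 (has no name): ()  1x1+-1+-1  +-1+-1
EOF
}

# Usage: capture_prompt_owner 20 'pinentry|passphrase|keyring' > /tmp/owner.txt
#        then trigger the prompt within 20 seconds and read the file afterwards.
```

If the reported command is not a pinentry binary, the prompt belongs to another component (the thread suggests gnome-keyring as a candidate), and that is where a bug report would go.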