Re: gpg-agent/pinentry: How to verify calling application

2017-11-05 Thread Hartmut Knaack

Hartmut Knaack wrote on 15.07.2017 16:02:

Hi,
on my machine running Linux and a recent KDE/Plasma, pinentry-qt
occasionally starts right after logging in and asks for my passphrase.
Is there any way to track down, which process asks gpg-agent for my private
key? Preferably, I would like pinentry to inform, which process actually is
the source of the key request.
Thanks

Hartmut



Hi,
I just wanted to report back on my issue. So, I actually ran the KWallet
configuration program (kwalletmanager5) and found the main switch in the
properties-menu to disable KWallet in my user account. It has been some
months now, and I have never been annoyed by randomly popping up pinentry
ever since.
Thanks for the help to guide me into the right direction.

Hartmut


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpg-agent/pinentry: How to verify calling application

2017-07-19 Thread Werner Koch
On Wed, 19 Jul 2017 00:10, knaac...@gmx.de said:

> me        2486  0.0  0.0  34028  3940 ?        SL   21:46   0:00 gpg2 
> --enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty 
> --charset utf8 --enable-progress-filter --exit-on-status-write-error 
> --display :0 --ttyname kein Terminal --ttytype xterm --decrypt --output - -- 
> -&14

FWIW: That looks like a gpg invocation via GPGME.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: gpg-agent/pinentry: How to verify calling application

2017-07-18 Thread Hartmut Knaack
Werner Koch wrote on 16.07.2017 at 21:17:
> On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:
> 
>> I don't think there's currently any plan to do anything like this, but
> 
> Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
> though) when used with a pinentry from Git after 2017-02-03.  There
> you will see in the titlebar something like
> 
>   [PID]@HOSTNAME (gpg --clearsign)
> 

I hope not to get too far off topic, but I encountered that suspicious
request of pinentry right after logging into KDE, again. So, with the PID it
provided, I checked with ps aux:

me        2486  0.0  0.0  34028  3940 ?        SL   21:46   0:00 gpg2 
--enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty 
--charset utf8 --enable-progress-filter --exit-on-status-write-error --display 
:0 --ttyname kein Terminal --ttytype xterm --decrypt --output - -- -&14

And pstree outputs:

systemd---systemd---gpg2

When hitting cancel on that pinentry window, I get another window, stating
that kwallet wants to get access to my private key.
Any idea why this is happening or how I should proceed analysing? The only
legit process I would see should be my e-mail client.
Thanks,

Hartmut





Re: gpg-agent/pinentry: How to verify calling application

2017-07-17 Thread Werner Koch
On Mon, 17 Jul 2017 00:38, knaac...@gmx.de said:

> This is much better. Somehow of a problem is just, that the pinentry window
> is not resizable, so the window title gets cut off. I would say, all this
> information should better be put inside the window itself.

Too much info for most users.  Adding a tooltip would be possible, though.

> It would also be nice, if you could release a new version, so distributors
> can pick up and build it.

Yes, that should be done.  (https://dev.gnupg.org/T3279)


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Hartmut Knaack
Werner Koch wrote on 16.07.2017 at 21:17:
> On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:
> 
>> I don't think there's currently any plan to do anything like this, but
> 
> Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
> though) when used with a pinentry from Git after 2017-02-03.  There
> you will see in the titlebar something like
> 
>   [PID]@HOSTNAME (gpg --clearsign)
> 

This is much better. Somehow of a problem is just, that the pinentry window
is not resizable, so the window title gets cut off. I would say, all this
information should better be put inside the window itself.
It would also be nice, if you could release a new version, so distributors
can pick up and build it.
Thanks

Hartmut

> 
> Salam-Shalom,
> 
>Werner
> 





Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Hartmut Knaack
Shawn K. Quinn wrote on 16.07.2017 at 09:48:
> On 07/15/2017 09:02 AM, Hartmut Knaack wrote:
>> Hi,
>> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
>> occasionally starts right after logging in and asks for my passphrase.
>> Is there any way to track down, which process asks gpg-agent for my private
>> key? Preferably, I would like pinentry to inform, which process actually is
>> the source of the key request.
>> Thanks
> 
> This is a bit of a "duct tape"  but you could try:
> 
> # chmod 000 `which pinentry-qt`
> 
> then reboot and see what program throws an error (besides GnuPG).
> 
> Don't forget to change it back when done testing.
> 

Thanks for the hint. Unfortunately, it happens just very occasionally,
and I haven't figured out yet, what the reason may be. I have been logging
on at least ten times, and even fully rebooted five times today, without
getting such a request.
I have now installed the git version of pinentry and will just wait for
this issue to happen next.
Thanks,

Hartmut






Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Werner Koch
On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:

> I don't think there's currently any plan to do anything like this, but

Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
though) when used with a pinentry from Git after 2017-02-03.  There
you will see in the titlebar something like

  [PID]@HOSTNAME (gpg --clearsign)


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Shawn K. Quinn
On 07/15/2017 09:02 AM, Hartmut Knaack wrote:
> Hi,
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform, which process actually is
> the source of the key request.
> Thanks

This is a bit of a "duct tape"  but you could try:

# chmod 000 `which pinentry-qt`

then reboot and see what program throws an error (besides GnuPG).

Don't forget to change it back when done testing.

-- 
Shawn K. Quinn 
http://www.rantroulette.com
http://www.skqrecordquest.com





Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Daniel Kahn Gillmor
On Sat 2017-07-15 16:02:22 +0200, Hartmut Knaack wrote:
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform, which process actually is
> the source of the key request.

pinentry itself doesn't know the source of the request, but gpg-agent
could use getsockopt(SO_PEERCRED) to get at least the requesting
process's pid, uid, and gid.

the pid is kind-of usable (with some possibility of a race) to learn
something about which process made the request, which gpg-agent could
pass on to the pinentry.

I don't think there's currently any plan to do anything like this, but
if you want it to happen, i recommend documenting the idea in a ticket
on https://dev.gnupg.org/ so that there's somewhere to keep track of it
and potentially collect proposed patches.

Regards,

   --dkg




gpg-agent/pinentry: How to verify calling application

2017-07-15 Thread Hartmut Knaack
Hi,
on my machine running Linux and a recent KDE/Plasma, pinentry-qt
occasionally starts right after logging in and asks for my passphrase.
Is there any way to track down, which process asks gpg-agent for my private
key? Preferably, I would like pinentry to inform, which process actually is
the source of the key request.
Thanks

Hartmut

