Re: gpg-agent/pinentry: How to verify calling application
Hartmut Knaack wrote on 15.07.2017 16:02:
> Hi,
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private key? Preferably, I would like pinentry to inform, which process actually is the source of the key request.
> Thanks
> Hartmut

Hi,
I just wanted to report back on my issue. So, I actually ran the KWallet configuration program (kwalletmanager5) and found the main switch in the properties-menu to disable KWallet in my user account. It has been some months now, and I have never been annoyed by randomly popping up pinentry ever since. Thanks for the help to guide me into the right direction.
Hartmut
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-agent/pinentry: How to verify calling application
On Wed, 19 Jul 2017 00:10, knaac...@gmx.de said:

> me2486 0.0 0.0 34028 3940 ?SL 21:46 0:00 gpg2
> --enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty
> --charset utf8 --enable-progress-filter --exit-on-status-write-error
> --display :0 --ttyname kein Terminal --ttytype xterm --decrypt --output - --
> -&14

FWIW: That looks like a gpg invocation via GPGME.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg-agent/pinentry: How to verify calling application
Werner Koch wrote on 16.07.2017 at 21:17:
> On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:
>
>> I don't think there's currently any plan to do anything like this, but
>
> Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
> though) when used with a pinentry from Git after 2017-02-03. There
> you will see in the titlebar something like
>
>   [PID]@HOSTNAME (gpg --clearsign)
>

I hope not to get too far off topic, but I encountered that suspicious request of pinentry right after logging into KDE, again. So, with the PID it provided, I checked with ps aux:

me2486 0.0 0.0 34028 3940 ?SL 21:46 0:00 gpg2 --enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty --charset utf8 --enable-progress-filter --exit-on-status-write-error --display :0 --ttyname kein Terminal --ttytype xterm --decrypt --output - -- -&14

And pstree outputs:

systemd---systemd---gpg2

When hitting cancel on that pinentry window, I get another window, stating that kwallet wants to get access to my private key.
Any idea why this is happening or how I should proceed analysing? The only legit process I would see should be my e-mail client.
Thanks,
Hartmut
Re: gpg-agent/pinentry: How to verify calling application
On Mon, 17 Jul 2017 00:38, knaac...@gmx.de said:

> This is much better. Somehow of a problem is just, that the pinentry window
> is not resizable, so the window title gets cut off. I would say, all this
> information should better be put inside the window itself.

Too much info for most users. Adding a tooltip would be possible, though.

> It would also be nice, if you could release a new version, so distributors
> can pick up and build it.

Yes, that should be done. (https://dev.gnupg.org/T3279)

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg-agent/pinentry: How to verify calling application
Werner Koch wrote on 16.07.2017 at 21:17:
> On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:
>
>> I don't think there's currently any plan to do anything like this, but
>
> Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18,
> though) when used with a pinentry from Git after 2017-02-03. There
> you will see in the titlebar something like
>
>   [PID]@HOSTNAME (gpg --clearsign)
>

This is much better. Somehow of a problem is just, that the pinentry window is not resizable, so the window title gets cut off. I would say, all this information should better be put inside the window itself.
It would also be nice, if you could release a new version, so distributors can pick up and build it.
Thanks
Hartmut

>
> Salam-Shalom,
>
>    Werner
>
Re: gpg-agent/pinentry: How to verify calling application
Shawn K. Quinn wrote on 16.07.2017 at 09:48:
> On 07/15/2017 09:02 AM, Hartmut Knaack wrote:
>> Hi,
>> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
>> occasionally starts right after logging in and asks for my passphrase.
>> Is there any way to track down, which process asks gpg-agent for my private
>> key? Preferably, I would like pinentry to inform, which process actually is
>> the source of the key request.
>> Thanks
>
> This is a bit of a "duct tape" but you could try:
>
> # chmod 000 `which pinentry-qt`
>
> then reboot and see what program throws an error (besides GnuPG).
>
> Don't forget to change it back when done testing.
>

Thanks for the hint. Unfortunately, it happens just very occasionally, and I haven't figured out yet, what the reason may be. I have been logging on at least ten times, and even fully rebooted five times today, without getting such a request.
I have now installed the git version of pinentry and will just wait for this issue to happen next.
Thanks,
Hartmut
Re: gpg-agent/pinentry: How to verify calling application
On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said:

> I don't think there's currently any plan to do anything like this, but

Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18, though) when used with a pinentry from Git after 2017-02-03. There you will see in the titlebar something like

  [PID]@HOSTNAME (gpg --clearsign)

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg-agent/pinentry: How to verify calling application
On 07/15/2017 09:02 AM, Hartmut Knaack wrote:
> Hi,
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform, which process actually is
> the source of the key request.
> Thanks

This is a bit of a "duct tape" but you could try:

# chmod 000 `which pinentry-qt`

then reboot and see what program throws an error (besides GnuPG).

Don't forget to change it back when done testing.

-- 
Shawn K. Quinn
http://www.rantroulette.com
http://www.skqrecordquest.com
Re: gpg-agent/pinentry: How to verify calling application
On Sat 2017-07-15 16:02:22 +0200, Hartmut Knaack wrote:
> on my machine running Linux and a recent KDE/Plasma, pinentry-qt
> occasionally starts right after logging in and asks for my passphrase.
> Is there any way to track down, which process asks gpg-agent for my private
> key? Preferably, I would like pinentry to inform, which process actually is
> the source of the key request.

pinentry itself doesn't know the source of the request, but gpg-agent could use getsockopt(SO_PEERCRED) to get at least the requesting process's pid, uid, and gid. The pid is kind-of usable (with some possibility of a race) to learn something about which process made the request, which gpg-agent could pass on to the pinentry.

I don't think there's currently any plan to do anything like this, but if you want it to happen, I recommend documenting the idea in a ticket on https://dev.gnupg.org/ so that there's somewhere to keep track of it and potentially collect proposed patches.

Regards,

   --dkg
gpg-agent/pinentry: How to verify calling application
Hi,
on my machine running Linux and a recent KDE/Plasma, pinentry-qt occasionally starts right after logging in and asks for my passphrase.
Is there any way to track down, which process asks gpg-agent for my private key? Preferably, I would like pinentry to inform, which process actually is the source of the key request.
Thanks
Hartmut