Mailing List Archive

Is gpgme_set_passphrase_cb effectively deprecated?
I maintain the gpgme bindings for the R programming language, and we
have a custom password entry dialog in the GUI application.
IIRC, the following code used to work about 2 or 3 years ago:

gpgme_set_pinentry_mode(ctx, GPGME_PINENTRY_MODE_LOOPBACK);
gpgme_set_passphrase_cb(ctx, cb_fun, payload);

However I tried this with gpgme 1.11 (Windows) and 1.12 (MacOS), and
this does not seem to work anymore at all. The cb_fun is never
invoked, neither with gpg 1.4 nor gpg 2.2.

Some old posts on this mailing list suggest that this is expected
because not all versions of gpg support loopback, but I am not sure if
this info is up to date.

Also the documentation for gpgme_set_passphrase_cb says "Some engines
do not even support an external passphrase callback at all, in this
case the error code GPG_ERR_NOT_SUPPORTED is returned" however the
function returns void so this seems incorrect.

I was wondering if it is possible to update the
gpgme_set_passphrase_cb documentation on the current situation, which
versions of gnupg it is expected to work, under which
conditions/settings.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: Is gpgme_set_passphrase_cb effectively deprecated?
Hi,

On Thursday 3 January 2019 16:51:08 CET Jeroen Ooms wrote:
> I maintain the gpgme bindings for the R programming language, and we
> have a custom password entry dialog in the GUI application.
> IIRC, the following code used to work about 2 or 3 years ago:
>
> gpgme_set_pinentry_mode(ctx, GPGME_PINENTRY_MODE_LOOPBACK);
> gpgme_set_passphrase_cb(ctx, cb_fun, payload);
>
> However I tried this with gpgme 1.11 (Windows) and 1.12 (MacOS), and
> this does not seem to work anymore at all. The cb_fun is never
> invoked, neither with gpg 1.4 nor gpg 2.2.

Strange. It should work with gpg 1.4 and gpg > 2.1 (with the loopback). I have
a test in the Qt testsuite that uses it. There I have the logic:

static bool decryptSupported()
{
    /* With GnuPG 2.0.x (at least 2.0.26 by default on jessie)
     * the passphrase_cb does not work. So the test popped up
     * a pinentry. So tests requiring decryption don't work. */
    static auto version = GpgME::engineInfo(GpgME::GpgEngine).engineVersion();
    if (version < "2.0.0") {
        /* With 1.4 it just works */
        return true;
    }
    if (version < "2.1.0") {
        /* With 2.1 it works with loopback mode */
        return false;
    }
    return true;
}

The only version for which it does not work is afaik 2.0.x.

That is using Protocol / Engine OpenPGP. I think for S/MIME it does not work.

> Also the documentation for gpgme_set_passphrase_cb says "Some engines
> do not even support an external passphrase callback at all, in this
> case the error code GPG_ERR_NOT_SUPPORTED is returned" however the
> function returns void so this seems incorrect.

Indeed.

> I was wondering if it is possible to update the
> gpgme_set_passphrase_cb documentation on the current situation, which
> versions of gnupg it is expected to work, under which
> conditions/settings.

Something else seems wrong in your setup / code. It should work for you.

Maybe take a look at the gpgme log to see more about what happens.

Best Regards,
Andre

--
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board@gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
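
The version rule from the reply above, written as a stand-alone C check (an added example, not code from this thread or from gpgme). The enum and function names are hypothetical; the input is assumed to be the version string gpgme reports for the OpenPGP engine, and it is compared numerically so that a minor version such as 2.10 does not sort below 2.2.

```c
#include <stdio.h>

/* Hypothetical result codes for this example; not part of the gpgme API. */
enum cb_support {
    CB_UNKNOWN = -1,            /* version string could not be parsed */
    CB_UNSUPPORTED = 0,         /* gpg 2.0.x: a pinentry pops up instead */
    CB_WORKS = 1,               /* gpg 1.x: "with 1.4 it just works" */
    CB_WORKS_WITH_LOOPBACK = 2  /* gpg >= 2.1: needs GPGME_PINENTRY_MODE_LOOPBACK */
};

/* Decide whether a passphrase callback can be expected to fire for the
 * OpenPGP engine, following the rule given in the thread. S/MIME is not
 * covered. Treating 3.x and later like 2.1+ is an assumption. */
enum cb_support passphrase_cb_support(const char *engine_version)
{
    int major = 0, minor = 0;

    if (engine_version == NULL ||
        sscanf(engine_version, "%d.%d", &major, &minor) != 2 ||
        major < 0 || minor < 0)
        return CB_UNKNOWN;

    if (major < 2)
        return CB_WORKS;
    if (major == 2 && minor == 0)
        return CB_UNSUPPORTED;
    return CB_WORKS_WITH_LOOPBACK;
}

int main(void)
{
    /* Constructed sample version strings. */
    const char *samples[] = { "1.4.23", "2.0.26", "2.1.0", "2.2.12", "2.10.1", "n/a" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %d\n", samples[i], passphrase_cb_support(samples[i]));
    return 0;
}
```

A caller would fall back to the agent's own pinentry, or skip the custom dialog, when the result is CB_UNSUPPORTED or CB_UNKNOWN.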
Re: Is gpgme_set_passphrase_cb effectively deprecated?
On Mon, Jan 7, 2019 at 10:47 AM Andre Heinecke <aheinecke@gnupg.org> wrote:
> > I was wondering if it is possible to update the
> > gpgme_set_passphrase_cb documentation on the current situation, which
> > versions of gnupg it is expected to work, under which
> > conditions/settings.
>
> Something else seems wrong in your setup / code. It should work for you.
> Maybe take a look at the gpgme log to see more about what happens.

OK it does work indeed, I realize my mistake now. First I assumed the
passphrase would be required when importing or exporting keys, as is
the case for ssh/PEM files. But I understand now that gpg will import
an encrypted gpg key; the passphrase is only needed when actually
using the key.

In addition, I was confused because gpg seems to be using ssh-agent to
cache keys? The passphrase callback function was not being invoked
because the unlocked key was cached apparently. I have never set up
gpg-agent on this machine, but I am running ssh-agent. Anyway I
cleared the cache:

echo RELOADAGENT | gpg-connect-agent

And now I do get prompted for the passphrase when trying to sign with
the encrypted key!
