[Gpg4win-users-en] gpg4win: cannot enter passphrase when creating key
bernhard at intevation.de
Mon Nov 11 09:35:11 CET 2013
On Sunday 10 November 2013 at 14:34:36, Alexander Kriegisch wrote:
> I have a fresh installation
> - of gpg4win 2.2.1
> - on Windows XP Pro SP3 (German).
did you ever have Gpg4win or KDE Plattform 4 applications on this windows
installations before? (This is a safety question, they may interfere with
some Registry or Paths settings.)
> First I tried the vanilla version (only GnuPG command line), then later the
> full package with Kleopatra.
Should not make a difference.
> The result is always the same: I cannot create
> a new key pair because somehow the passphrase is not captured correctly. On
> the command line the following happens: - Run cmd.exe
> - gpg --gen-key
> - The whole assistant works nicely until I get to the part where I
> should enter my passphrase. Now nothing happens, I see no dots or
> asterisks when entering the passphrase. I can enter it as many times
> as I want to, the passphrase is not captured. I can only stop the
> process via Ctrl-C. Then the passphrase is written to the console
> as CLEAR TEXT(!) and treated as if I entered it as a command.
Bringing up the pinentry application seems to be the issue.
If you call pinentry.exe on the command line do you get something?
If you get a prompt, try entering "getpin".
> This is a security nightmare.
You need to be more precise than this. Given that you would want to create
a new certificate on a secure system anyway, there does not seem to be much
of an additional attack vector if the certificate is not created at all.
> I cannot understand how something like this
> can ever pass a test unnoticed.
Probably because it usually works, if we knew all the circumstances
where Gpg4win application would run, then it could have been tested.
> By the way, the same problem was reported long ago already, but nothing
> happened. See this thread:
Different version of Gpg4win, probably a different problem.
To be sure we had to have a way to reproduce the issue.
Best Regards and thanks for your report!
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gpg4win-users-en