[Gpg4win-users-en] Copy-paste deactivated in Gpg4win 2.2.2

PrivacyDefence webmaster at privacydefence.org
Wed Oct 1 21:06:11 CEST 2014 

Quote: “Can you try making sure that pinentry-qt4 is actually used?”
Sure, how do I do that?
If it matters, no file by that exact name exists in the “GnuPG” folder
on Windows. I'll be happy to send screendumps if relevant.

Quote: “Which application accepts the password? Is this Enigmail itself?”
The password is chosen during the Enigmail Setup Wizard. At a later step
in this wizard a revocation certificate is generated and saved. That is
where pinentry.exe pops up for the first time and ask for the password.
Pasting is now disabled.
Later on, for decrypting emails etc. it is also pinentry.exe that ask
for the password, and again with no option for copy/paste.

Quote: “Unless there is a different component interfering.”
Looks to me like you are spot on. Indeed, the Enigmail Setup Wizard will
accept copy/paste, but pinentry.exe will not.

---
Kind regards
Anders
www.PrivacyDefence.org

Public key:
www.privacydefence.org/?page_id=69




On 01-10-2014 09:48, Bernhard Reiter wrote:
> Hi again,
> 
> On Monday 29 September 2014 at 22:18:25, PrivacyDefence wrote:
>> Quote: “a) does the current pinentry-qt4 work for you, technically?”
>>
>> I think it works as intended. That is, I can type in the chosen password
>> without any issues. But any sort of copy and paste is disabled
> 
> As intended, as far as I know, it should allow the pasting of passwords.
> So you are saying it does not allow pasting, so there may be a defect
> or you are using a different pinentry-qt4.
> 
> For analysis purposes: Can you try making sure that pinentry-qt4 is actually 
> used?
> 
>> Quote: “b) [...] So what is the default with your tutorial/Enigmail?”
> 
>> We currently recommend to install Gpg4win with all default
>> setting except for one thing: We advocate to install “GnuPG” and nothing
>> else. However, we have also tried to go 100% default and install ALL the
>> components that are ticked off by default. 
> 
> We do recommend installing GnuPG and Kleopatra at least because
> for full functionality you need to have an UIserver. Some applications
> use the recommended way of interacting with GnuPG which is gpgme and
> uiserver. (I know that technical difficulties make it very hard for Enigmail 
> to switch to gpgme. Still if other applications want to make use of Gpg4win, 
> they need the uiserver, like Gpgex.)
> 
>> Note also that you can copy and paste your password when choosing it,
>> not knowing that it will not work later on. 
> 
> I wonder how this work. 
> Which application accepts the password? Is this Enigmail itself?
> It should be the same pinentry variant that is used later, so this does not 
> make sense. If pinentry can do pasting, this supposetly is pinentry-qt4
> and then it should work in the first case as well. Unless there is a different 
> component interfering.
> 
> 
>> Quote: “c) Is allowing a password paste and copy a good idea?”
>>
>> I find it almost impossible to manage passwords in a secure way without
>> the use of a password manager. 
> 
> Let us postpone this discussion or take it elsewhere, as long as we still
> have potential defects.
> 
> Best,
> Bernhard
> 
> 
> 
> _______________________________________________
> Gpg4win-users-en mailing list
> Gpg4win-users-en at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
>

More information about the Gpg4win-users-en mailing list