18 months ago tty: correct comments
Daniel Kahn Gillmor [Mon, 20 Apr 2015 07:21:06 +0000 (04:21 -0300)]
tty: correct comments

* tty/, tty/pinentry-tty.c: comments were copy/pasted from
  pinentry-curses; correcting them.

Signed-off-by: Daniel Kahn Gillmor <>
19 months ago gtk: Really always set the window as transient.
Damien Goutte-Gattat [Wed, 23 Aug 2017 19:46:22 +0000 (21:46 +0200)]
gtk: Really always set the window as transient.

* gtk+-2/pinentry-gtk-2.c (make_transient): Set the window as
transient even if we do not grab the keyboard.

In the previous commit attempting to fix issue 3253, the window
was set as transient only in grabbing mode. The window should
actually always be set as transient, independently of whether
we grab the keyboard or not. This is especially important now
that --no-grab is the default behavior of GnuPG Agent.

GnuPG-bug-id: 3253
Fixes-commit: f69dadc6ccea7672869436291ab5c1f58d545466
Signed-off-by: Damien Goutte-Gattat <>
19 months ago core: Suppress compiler warnings.
Marcus Brinkmann [Wed, 23 Aug 2017 13:46:17 +0000 (15:46 +0200)]
core: Suppress compiler warnings.

* pinentry/password-cache.c (password_cache_save, password_cache_lookup,
password_cache_clear) [!HAVE_LIBSECRET]: Suppress unused parameter

Signed-off-by: Marcus Brinkmann <>
20 months ago gtk: Disable tooltips in keyboard-grabbing mode.
Damien Goutte-Gattat [Thu, 3 Aug 2017 20:56:49 +0000 (22:56 +0200)]
gtk: Disable tooltips in keyboard-grabbing mode.

* gtk+-2/pinentry-gtk-2.c (show_hide_button): Do not show the
tooltip if we attempt to grab the keyboard.
(create_window): Likewise.

For unclear reasons, those tooltips may interfere with grabbing
under some tiling window managers.

GnuPG-bug-id: 3297
Signed-off-by: Damien Goutte-Gattat <>
21 months ago doc: Make Emacs frontend description more accurate
Daiki Ueno [Wed, 12 Jul 2017 19:28:58 +0000 (21:28 +0200)]
doc: Make Emacs frontend description more accurate

* doc/pinentry.texi (Front ends): Remove false assertions on
insecurity of Emacs, and mention allow-emacs-pinentry option of

Proofread-by: Marcus Brinkmann <>
GnuPG-bug-id: 2034

21 months ago core: Disable "save passphrase" checkbox without secret service.
Marcus Brinkmann [Wed, 12 Jul 2017 16:46:36 +0000 (18:46 +0200)]
core: Disable "save passphrase" checkbox without secret service.

* pinentry/password-cache.c (password_cache_lookup): New argument
FATAL_ERROR.  Set it on fatal error.
* pinentry/password-cache.h (password_cache_lookup): New argument
FATAL_ERROR in declaration.
* pinentry/pinentry.c (cmd_getpin): On fatal error, disallow
external password store.
* NEWS: Update.

Signed-off-by: Marcus Brinkmann <>
GnuPG-bug-id: 2023

21 months ago Use pkg-config consistently.
Alon Bar-Lev [Tue, 11 Jul 2017 18:54:42 +0000 (20:54 +0200)]
Use pkg-config consistently.

* Invoke PKG_PROG_PKG_CONFIG. Consistently use
PKG_CHECK_MODULES for GTK+2.0, Gnome 3 and libsecret.
* gnome3/ (AM_CPPFLAGS, LDADD): Adjust Gnome 3 flags.
* gtk+-2/ (AM_CPPFLAGS, LDADD): Adjust Gtk+2.0 flags.

Proofread-by: Marcus Brinkmann <>
Signed-off-by: Alon Bar-Lev <>
GnuPG-bug-id: 2049

21 months ago curses: Add option to beep or flash terminal on dialog.
Marcus Brinkmann [Tue, 11 Jul 2017 17:06:22 +0000 (19:06 +0200)]
curses: Add option to beep or flash terminal on dialog.

* pinentry/pinentry-curses.c (dialog_run): Beep or flash terminal.
* pinentry/pinentry.c (pinentry_reset): Reset ttyalert option.
(pinentry_parse_opts): Parse option ttyalert.
(option_handler): Handle option ttyalert.
* pinentry/pinentry.h (struct pinentry): New option ttyalert.

Signed-off-by: Marcus Brinkmann <>
GnuPG-bug-id: 2013

21 months ago gtk: Always set the window as transient.
Damien Goutte-Gattat [Wed, 5 Jul 2017 09:22:46 +0000 (11:22 +0200)]
gtk: Always set the window as transient.

* gtk+-2/pinentry-gtk-2.c (create_window): Setup the make_transient
callback whether we ask for a passphrase or not.

Making the window transient seems necessary for (at least some)
tiling window managers to make sure the dialog is floating.

GnuPG-bug-id: 3253
Signed-off-by: Damien Goutte-Gattat <>
21 months ago core: Add example on how to print a FEATURES line.
Werner Koch [Wed, 22 Feb 2017 17:43:50 +0000 (18:43 +0100)]
core: Add example on how to print a FEATURES line.


23 months ago qt: Improve width of pinentryconfirm
Andre Heinecke [Wed, 3 May 2017 09:49:09 +0000 (11:49 +0200)]
qt: Improve width of pinentryconfirm

* qt/pinentryconfirm.cpp (PinentryConfirm::showEvent): Add spacer
item for text width.

This fixes a pinentry-qt4 bug where part of the text might have
been hidden. And improves the layout for pinentry-qt5 where
the fingerprint will no longer be wordwrapped. Needs to be
done in the show event because only there we have the icon available.

23 months ago qt: Fix build with Qt4
Andre Heinecke [Wed, 3 May 2017 09:48:16 +0000 (11:48 +0200)]
qt: Fix build with Qt4

* qt/main.cpp (main): Don't use Q_NULLPTR.

2 years ago fltk: Remove commented-out code.
Justus Winter [Wed, 8 Mar 2017 15:49:44 +0000 (16:49 +0100)]
fltk: Remove commented-out code.

* fltk/main.cxx: Remove commented-out code.

Signed-off-by: Justus Winter <>
2 years ago fltk: Fix warning.
Justus Winter [Wed, 8 Mar 2017 15:49:21 +0000 (16:49 +0100)]
fltk: Fix warning.

* fltk/main.cxx (fltk_cmd_handler): Use a 'std::unique_ptr' instead of
a deprecated 'std::auto_ptr'.

Signed-off-by: Justus Winter <>
2 years ago fltk: Add a FLTK-based pinentry.
Anatoly madRat L. Berenblit [Tue, 7 Feb 2017 16:18:41 +0000 (17:18 +0100)]
fltk: Add a FLTK-based pinentry.

* NEWS: Update.
* Add new subdirectory.
* Add configuration for FLTK.
* fltk/ New file.
* fltk/encrypt.xpm: Likewise.
* fltk/icon.xpm: Likewise.
* fltk/main.cxx: Likewise.
* fltk/passwindow.cxx: Likewise.
* fltk/passwindow.h: Likewise.
* fltk/pinwindow.cxx: Likewise.
* fltk/pinwindow.h: Likewise.
* fltk/qualitypasswindow.cxx: Likewise.
* fltk/qualitypasswindow.h: Likewise.

Signed-off-by: Justus Winter <>
2 years ago qt: Fix pinentry-curses fallback for qt5
Andre Heinecke [Mon, 13 Feb 2017 16:34:24 +0000 (17:34 +0100)]
qt: Fix pinentry-curses fallback for qt5

* qt/main.cpp (main): Initialize QApplication later.

This fixes the curses fallback because with Qt5 the creation of
the auto_ptr for the application already initialized the XCB subsystem
and caused the abort of the application.

Also removes the usage of the deprecated auto_ptr.

2 years ago core: Show the command line in the titlebar.
Werner Koch [Fri, 3 Feb 2017 20:41:05 +0000 (21:41 +0100)]
core: Show the command line in the titlebar.

* pinentry/pinentry.c (get_cmdline): New.
(pinentry_get_title): Add the cmdline to the title.

This works only on Linux assuming that /proc/PID/cmdline is available.

Signed-off-by: Werner Koch <>
2 years ago Use a shared function to construct the title.
Werner Koch [Fri, 3 Feb 2017 20:00:52 +0000 (21:00 +0100)]
Use a shared function to construct the title.

* pinentry/pinentry.c (pinentry_get_title): New.
* qt/main.cpp (qt_cmd_handler): Use that function for the title.
* tty/pinentry-tty.c (confirm, password): Ditto.
* gnome3/pinentry-gnome3.c (create_prompt): Ditto.
* gtk+-2/pinentry-gtk-2.c (create_window): Ditto.
* pinentry/pinentry-emacs.c (set_labels): Ditto.

Signed-off-by: Werner Koch <>
2 years ago gtk: Unless SETTITLE is used show the pid in the titlebar.
Werner Koch [Fri, 3 Feb 2017 16:16:43 +0000 (17:16 +0100)]
gtk: Unless SETTITLE is used show the pid in the titlebar.

* gtk+-2/pinentry-gtk-2.c (create_window): Display the pid as title.

This information could also be used to lookup the command line of the
process and show that in the titlebar.

Signed-off-by: Werner Koch <>
2 years ago core: New Assuan option "owner".
Werner Koch [Fri, 3 Feb 2017 16:15:24 +0000 (17:15 +0100)]
core: New Assuan option "owner".

* pinentry/pinentry.h (struct pinentry): Add fields 'owner_pid' and
* pinentry/pinentry.c (pinentry_reset): Take care of these fields.
(option_handler): New option "owner".

Signed-off-by: Werner Koch <>
2 years ago curses: Do not return OK on error.
Werner Koch [Fri, 3 Feb 2017 10:53:25 +0000 (11:53 +0100)]
curses: Do not return OK on error.

* pinentry/pinentry.c (cmd_confirm): Take care not to return OK if the
RESULT is negative.
* pinentry/pinentry-curses.c (dialog_create): Amend error reporting by
setting specific_err_loc.
(dialog_run): Use new var confirm_mode for clearness.  In confirm mode
return Cancel instead of error.  This is how the gtk Pinentry does it.

A common error case is that a tty is not available and thus the fopen
fails.  In this case it is plainly wrong to return OK, we would better
return CANCEL.  Even better the specific_err thing is now used to
return a proper error code.  For example:

  $ pinentry-curses --ttyname=/dev/no/such/tty
  OK Pleased to meet you
  getinfo ttyinfo
  D /dev/no/such/tty - -
  S ERROR curses.open_tty_for_read 83918929
  ERR 83918929 No such file or directory <Pinentry>

The curses pinentry is also used as fallback from gtk.  Thus in this
case we now also get an error message back:

  $ pinentry-gtk-2 --display=/dev/null --ttyname=/dev/no/such/tty
  OK Pleased to meet you
  getinfo flavor
  D gtk2:curses
  getinfo ttyinfo
  D /dev/no/such/tty - /dev/null
  S ERROR gtk2.open_tty_for_read 83918929
  ERR 83918929 No such file or directory <Pinentry>

Returning an error instead of OK also fixes this bug: A background
task is asking to insert a certain smartcard and asks via pinentry for
it.  Now w/o a valid tty the old code returned OK and gpg-agent started
new pinentries (which don't show up) over and over until the correct
card was inserted.

Signed-off-by: Werner Koch <>
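
The transcript in the commit message above ends a command with an "S ERROR" status line and an "ERR" line instead of "OK". The following added example (not code from pinentry or gpg-agent) shows how a caller can classify those server lines and split the numeric code into its fields. The names outcome, feed_line, run_exchange and may_reprompt are hypothetical, and the bit layout in the macros is the libgpg-error encoding, stated here as an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed libgpg-error layout of an error value: bits 24..30 hold the
   error source, bits 0..15 the error code.  Code bit 15 marks a value
   taken from libgpg-error's own errno table (not the system errno). */
#define ERR_SOURCE(v)   (((v) >> 24) & 0x7fUL)
#define ERR_CODE(v)     ((v) & 0xffffUL)
#define ERR_IS_ERRNO(v) (((v) & 0x8000UL) != 0)

enum reply { REPLY_PENDING, REPLY_OK, REPLY_ERR };

struct outcome {
  enum reply reply;      /* how the command ended */
  unsigned long err;     /* numeric code from the ERR line, 0 if none */
  char location[64];     /* location token from "S ERROR", "" if none */
};

/* Classify one server line and update the outcome of the command. */
static void feed_line(struct outcome *o, const char *line)
{
  if (!strncmp(line, "S ERROR ", 8)) {
    /* Status line: "S ERROR <location> <code>"; keep the location. */
    if (sscanf(line + 8, "%63s", o->location) != 1)
      o->location[0] = 0;
  } else if (!strncmp(line, "ERR ", 4)) {
    /* Final line: "ERR <code> <description>".  Missing digits still
       count as a failure, only without a usable code. */
    o->reply = REPLY_ERR;
    o->err = isdigit((unsigned char)line[4]) ? strtoul(line + 4, NULL, 10) : 0;
  } else if (!strcmp(line, "OK") || !strncmp(line, "OK ", 3)) {
    o->reply = REPLY_OK;
  }
  /* "D" lines and other "S" lines carry data and do not end the command. */
}

/* Feed the server lines of one command until OK or ERR is seen. */
static struct outcome run_exchange(const char *const *lines, size_t n)
{
  struct outcome o;
  size_t i;

  memset(&o, 0, sizeof o);
  for (i = 0; i < n && o.reply == REPLY_PENDING; i++)
    feed_line(&o, lines[i]);
  return o;
}

/* Only a clean OK justifies showing another prompt.  An ERR (or no
   final line at all) ends the attempt, so a dialog that could never be
   displayed is not started over and over. */
static int may_reprompt(const struct outcome *o)
{
  return o->reply == REPLY_OK;
}

int main(void)
{
  /* Server lines from the transcript on this page (greeting omitted). */
  const char *lines[] = {
    "D /dev/no/such/tty - -",
    "S ERROR curses.open_tty_for_read 83918929",
    "ERR 83918929 No such file or directory <Pinentry>",
  };
  struct outcome o = run_exchange(lines, 3);

  printf("reply=%d location=%s source=%lu code=0x%lx errno-mapped=%d\n",
         (int)o.reply, o.location, ERR_SOURCE(o.err), ERR_CODE(o.err),
         ERR_IS_ERRNO(o.err));
  printf("may reprompt: %d\n", may_reprompt(&o));
  return 0;
}
```
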
2 years ago core: New command getinfo/ttyinfo
Werner Koch [Fri, 3 Feb 2017 10:39:13 +0000 (11:39 +0100)]
core: New command getinfo/ttyinfo

* pinentry/pinentry.c (remember_display): New var.
(pinentry_have_display): Peek at --display.
(pinentry_parse_opts): Set pinentry.display.
(cmd_getinfo): Add sub-command "ttyinfo".

Signed-off-by: Werner Koch <>
2 years ago gtk2: Fix a problem with fvwm
Werner Koch [Wed, 11 Jan 2017 17:40:17 +0000 (18:40 +0100)]
gtk2: Fix a problem with fvwm

* gtk+-2/pinentry-gtk-2.c (grab_pointer): Take care of

Debian-bug-id: 850708
Co-authored-by: Vincent Lefevre <>
Signed-off-by: Werner Koch <>
2 years ago gnome3: Use the program name as default title.
Justus Winter [Mon, 16 Jan 2017 15:29:10 +0000 (16:29 +0100)]
gnome3: Use the program name as default title.

* gnome3/pinentry-gnome3.c (create_prompt): If no title is requested,
use the program name as the default title.  This mimics what the GTK+2
variant does (although the GTK+2 pinentry seems to use

GnuPG-bug-id: 2920
Signed-off-by: Justus Winter <>
2 years ago gnome3: Fix CONFIRM condition.
NIIBE Yutaka [Fri, 13 Jan 2017 05:22:33 +0000 (14:22 +0900)]
gnome3: Fix CONFIRM condition.

* gnome3/pinentry-gnome3.c (gnome3_cmd_handler): No buffer for PIN means
it's not passphrase input but confirmation dialog.

Signed-off-by: NIIBE Yutaka <>
2 years ago Qt: Make sure extended grep is used with '|'.
Raphael Kubo da Costa [Sun, 18 Dec 2016 10:41:33 +0000 (11:41 +0100)]
Qt: Make sure extended grep is used with '|'.

* m4/qt.m4: Use grep -E when using the alternation character.

POSIX specifies '|' is only supposed to work as an alternation special
character when grep is used in extended mode. The code worked fine
with GNU grep because it accepts extended regular expressions by
default, but other POSIX-compliant implementations might fail and take
it literally.

Signed-off-by: Raphael Kubo da Costa <>
2 years ago Fix spelling errors.
Daniel Kahn Gillmor [Tue, 6 Dec 2016 17:04:25 +0000 (12:04 -0500)]
Fix spelling errors.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago Fix linkage problem in tty and emacs pinentries.
Werner Koch [Thu, 1 Dec 2016 08:10:08 +0000 (09:10 +0100)]
Fix linkage problem in tty and emacs pinentries.

* emacs/pinentry-emacs.c (curses_cmd_handler): Remove var.
* tty/pinentry-tty.c (curses_cmd_handler): Remove var.
* pinentry/pinentry.c (flavor_flag): New local var.
(pinentry_set_flavor_flag): New function.
(cmd_getinfo): Use FLAVOR_FLAG for the "flavor" sub-command.
* gnome3/pinentry-gnome3.c (main): Call pinentry_set_flavor_flag.
* gtk+-2/pinentry-gtk-2.c (main): Ditto.
* pinentry/pinentry-emacs.c (initial_emacs_cmd_handler): Ditto.
* qt/main.cpp (main): Ditto.

Fixes-commit: e4e3a9cc88704dcffac660d0b92fd1ed8abecc11
Fixes-commit: d126036671e7dd631babc118cb4113f723f15748
Signed-off-by: Werner Koch <>
2 years ago Create SWDB entry during make distcheck
Werner Koch [Tue, 22 Nov 2016 08:16:05 +0000 (09:16 +0100)]
Create SWDB entry during make distcheck

* (DISTCHECK_CONFIGURE_FLAGS): Build emacs flavor.
(distcheck-hook): New.

Signed-off-by: Werner Koch <>
2 years ago Post release updates
Werner Koch [Tue, 22 Nov 2016 08:11:50 +0000 (09:11 +0100)]
Post release updates


2 years ago Release 1.0.0 pinentry-1.0.0
Werner Koch [Tue, 22 Nov 2016 07:51:41 +0000 (08:51 +0100)]
Release 1.0.0

Signed-off-by: Werner Koch <>
2 years ago emacs: Add curses handler stub.
Werner Koch [Tue, 22 Nov 2016 07:59:41 +0000 (08:59 +0100)]
emacs: Add curses handler stub.

* emacs/pinentry-emacs.c (curses_cmd_handler): New stub.

Signed-off-by: Werner Koch <>
2 years ago Update config.{sub,guess} .
Werner Koch [Tue, 22 Nov 2016 07:44:16 +0000 (08:44 +0100)]
Update config.{sub,guess} .


2 years ago gnome3: Tighten up error messages when GNOME screensaver is absent.
Daniel Kahn Gillmor [Tue, 8 Nov 2016 20:37:25 +0000 (14:37 -0600)]
gnome3: Tighten up error messages when GNOME screensaver is absent.

* gnome3/pinentry-gnome3.c (pe_gnome_screen_locked): clean up error
messages when GNOME screensaver is absent or misbehaving.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago Add fail-safe string termination for snprintf.
Werner Koch [Mon, 7 Nov 2016 07:37:11 +0000 (08:37 +0100)]
Add fail-safe string termination for snprintf.

* gtk+-2/pinentry-gtk-2.c (changed_text_handler): Make sure an
 snprintf buffer is always terminated.
* pinentry/pinentry.c (my_strusage): Ditto.
(write_status_error): Ditto.
(cmd_getinfo): Ditto.
* w32/main.c (w32_strerror): Ditto.

This is to fix the surprising implementation of snprintf on Windows.
Note that we don't need this in GnuPG because there we use our own

Signed-off-by: Werner Koch <>
2 years ago gnome3: Avoid risk of uninitialized memory access.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 21:53:47 +0000 (17:53 -0400)]
gnome3: Avoid risk of uninitialized memory access.

* gnome3/pinentry-gnome3.c (_propagate_g_error_to_pinentry): Ensure
that pinentry->specific_err_info is null-terminated.


It's possible that "%d: %s" ends up producing more than 20 additional
characters.  A 64-bit signed int at its minimum is
"-9223372036854775808", which is 20 characters.  On any platform where
gint is 128-bit (i don't know whether they exist), it could be
significantly more.

snprintf doesn't write the final NUL byte if the string exceeds the
buffer, so anyone reading specific_err_info as a NUL-terminated string
in such a case would go on to read uninitialized memory after the
buffer.  So we should force there to always be a NUL char after the
written buffer.  It would be simpler to use asprintf, but i suspect
that's not portable enough for use in pinentry.

Signed-off-by: Daniel Kahn Gillmor <>
Signed-off-by: Neal H. Walfield <>
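
The fail-safe termination described in the two commit messages above (the snprintf change and the gnome3 specific_err_info change), as an added example that is not code from pinentry. legacy_snprintf is a hypothetical stand-in that reproduces the non-terminating behaviour those messages describe, and long long stands in for the integer type being formatted.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a formatter with the behaviour the commit
   messages describe: it writes at most N bytes and adds no NUL when the
   formatted text does not fit.  Returns the length, or -1 on overflow. */
static int
legacy_snprintf (char *buf, size_t n, const char *fmt, ...)
{
  va_list ap;
  char *tmp;
  int need;

  va_start (ap, fmt);
  need = vsnprintf (NULL, 0, fmt, ap);    /* C99: length that is needed */
  va_end (ap);
  if (need < 0 || !(tmp = malloc ((size_t)need + 1)))
    return -1;
  va_start (ap, fmt);
  vsnprintf (tmp, (size_t)need + 1, fmt, ap);
  va_end (ap);

  if ((size_t)need < n)
    memcpy (buf, tmp, (size_t)need + 1);  /* fits, NUL included */
  else
    {
      memcpy (buf, tmp, n);               /* overflow: buffer full, no NUL */
      need = -1;
    }
  free (tmp);
  return need;
}

/* True if a NUL byte exists inside the N bytes of BUF.  This checks the
   buffer without ever reading past its end. */
static int
is_terminated (const char *buf, size_t n)
{
  return memchr (buf, 0, n) != NULL;
}

/* Pattern before the fix: trust the formatter to terminate. */
static void
format_err_unsafe (char *buf, size_t n, long long code, const char *msg)
{
  legacy_snprintf (buf, n, "%lld: %s", code, msg);
}

/* Pattern after the fix: always force a NUL into the last byte.
   Returns 1 if the text was truncated, 0 if it fit. */
static int
format_err_failsafe (char *buf, size_t n, long long code, const char *msg)
{
  int rc;

  if (!n)
    return 1;
  rc = legacy_snprintf (buf, n, "%lld: %s", code, msg);
  buf[n - 1] = 0;
  return rc < 0 || (size_t)rc >= n;
}

int
main (void)
{
  char buf[24];
  int truncated;

  /* 'X' models whatever bytes were in the buffer before formatting. */
  memset (buf, 'X', sizeof buf);
  format_err_unsafe (buf, sizeof buf, LLONG_MIN, "no such tty");
  printf ("unsafe:    terminated=%d\n", is_terminated (buf, sizeof buf));

  memset (buf, 'X', sizeof buf);
  truncated = format_err_failsafe (buf, sizeof buf, LLONG_MIN, "no such tty");
  printf ("fail-safe: terminated=%d truncated=%d text=\"%s\"\n",
          is_terminated (buf, sizeof buf), truncated, buf);
  return 0;
}
```
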
2 years ago tty: Declare dummy curses_cmd_handler.
Daniel Kahn Gillmor [Sun, 6 Nov 2016 03:26:35 +0000 (23:26 -0400)]
tty: Declare dummy curses_cmd_handler.

* tty/pinentry-tty.c: Declare a dummy handler for the
curses_cmd_handler for fallback.


This is needed for building pinentry-tty, which links to a copy of the
pinentry object which doesn't have curses (it makes no sense to
fallback from tty to curses).  But the new cmd_info in
pinentry/pinentry.c needs some sort of value to test against when
reporting the flavor.

You can replicate this linker error from git with:

     ./configure --enable-maintainer-mode \
       --enable-{fallback-curses,pinentry-tty} \
       --disable-{inside-emacs,libsecret} && make

Which produces:

    gcc  -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-missing-field-initializers -Wdeclaration-after-statement -Wno-pointer-sign -Wpointer-arith   -o pinentry-tty pinentry-tty.o ../pinentry/libpinentry.a ../secmem/libsecmem.a -lassuan -L/usr/lib/x86_64-linux-gnu -lgpg-error -L/usr/lib/x86_64-linux-gnu -lgpg-error  -lcap
    ../pinentry/libpinentry.a(pinentry.o): In function `cmd_getinfo':
    «BUILDDIR»/pinentry/pinentry.c:1457: undefined reference to `curses_cmd_handler'
    collect2: error: ld returned 1 exit status
    Makefile:410: recipe for target 'pinentry-tty' failed
    make[2]: *** [pinentry-tty] Error 1
    make[2]: Leaving directory '«BUILDDIR»/tty'

One could argue that developers who --enable-tty then must also
--disable-fallback-curses, but that would just mean that it's
impossible to build one of the graphical pinentries at the same time
(with curses fallback) as you are actually building pinentry-tty.
Arguably, though, the ./configure script should figure out the right
thing to do in this case and build each variant sensibly.

This patch is a hack to ensure that pinentry-tty continues to link
properly even when other pinentries are being built concurrently with
a curses fallback.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago gnome3: Fall back to curses if screensaver is locked.
Daniel Kahn Gillmor [Sun, 6 Nov 2016 07:17:04 +0000 (02:17 -0500)]
gnome3: Fall back to curses if screensaver is locked.

* gnome3/pinentry-gnome3.c (pe_gnome_screen_locked): New Function.
Returns true only if we can talk to a GNOME screensaver over D-Bus and
it assures us that it is locked.
(main): If GNOME screensaver is locked, fall back to curses.


We assume that if pinentry is triggered while the screensaver is
locked, then it is likely being done by some sort of remote connection
(e.g. ssh), and isn't being done directly from the graphical console.
In that case, prompting at the graphical console won't be able to get
the attention of the user, so we should fall back to curses if

GnuPG-bug-id: 2818

2 years ago gnome3: Test if Gcr System Prompter is available at startup.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:31:40 +0000 (12:31 -0400)]
gnome3: Test if Gcr System Prompter is available at startup.

* gnome3/pinentry-gnome3.c (gcr_system_prompt_available): New. Tests
whether it is possible to create a GcrSystemPrompt.
(main): Use gcr_system_prompt_available() to decide whether to fall
back to curses or not.

Debian-bug-id: 842015
Signed-off-by: Daniel Kahn Gillmor <>
2 years ago build: Avoid unnecessary dependency on gtk+-2 for GNOME3 development.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 04:44:53 +0000 (00:44 -0400)]
build: Avoid unnecessary dependency on gtk+-2 for GNOME3 development.

* There is no reason to reject building the GNOME3
pinentry if GTK+-2 development libraries are not present.  GNOME3 does
not require GTK+-2.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago all: Prefer https:// over http:// in source where possible.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 04:25:12 +0000 (00:25 -0400)]
all: Prefer https:// over http:// in source where possible.

This change cleans up as many internal web references as possible, to
make them use https.  In some cases, the canonical references had
slightly different URLs in addition to the change in schema.

Sadly, is still http-only.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago gnome3: Avoid using gnome and gcr symbol namespace.
Werner Koch [Sat, 5 Nov 2016 10:42:24 +0000 (11:42 +0100)]
gnome3: Avoid using gnome and gcr symbol namespace.

* gnome3/pinentry-gnome3.c (struct _gnome3_run): Rename to
(_gcr_prompt_password_done): Rename to pe_gcr_prompt_password_done.
(_gcr_prompt_confirm_done): Rename to pe_gcr_prompt_confirm_done.
(_gcr_timeout_done): Rename to pe_gcr_timeout_done.

Signed-off-by: Werner Koch <>
2 years ago gnome3: Honor timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:52 +0000 (18:57 -0400)]
gnome3: Honor timeout.

* gnome3/pinentry-gnome3.c (create_prompt): Use timeout to determine
how long to wait for Gcr to provide a system prompt before giving up.
(_gcr_timeout_done): New.  Record that a timeout has elapsed.
(gnome3_cmd_handler): Set up a timeout before launching the prompt,
and tear it down afterward.
(_gcr_prompt_password_done): Report timeout differently from normal
(_gcr_prompt_confirm_done): Report timeout differently from normal


Without this change, pinentry-gnome3 does not respect the timeout
parameter at all, and can hang indefinitely in the event that the
system prompter is locked or the user is ignoring the session.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago gnome3: Convert password/confirmation to asynchronous model.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:51 +0000 (18:57 -0400)]
gnome3: Convert password/confirmation to asynchronous model.

* gnome3/pinentry-gnome3.c (gnome3_cmd_handler): Convert main part of
password or confirmation fetching into asynchronous code by moving
completion into...
(_gcr_prompt_password_done): ... here and...
(_gcr_prompt_confirm_done): ... here.


The async programming interface to gcr is necessary if we want to be
able to enforce a timeout, which will happen in the next patch in this

Signed-off-by: Daniel Kahn Gillmor <>
Did not apply cleanly due to my comment reformatting in a former
patch. Fixed.  -wk

2 years ago qt: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:50 +0000 (18:57 -0400)]
qt: Report timeout.

* qt/pinentryconfirm.h (PinentryConfirm): Add _timed_out, timedOut().
* qt/pinentrydialog.h (PinentryDialog): Add _timed_out, timedOut().
* qt/pinentryconfirm.cpp (slotTimeout): Record elapsed timeout.
(PinentryConfirm): Initialize _timed_out to false.
(timedOut): New. Returns value of _timed_out.
* qt/pinentryDialog.cpp (slotTimeout): Record elapsed timeout.
(PinentryDialog): Initialize _timed_out to false.
(timedOut): New. Returns value of _timed_out.
* qt/main.cpp (qt_cmd_handler): Report if canceled due to timeout.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago curses: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:49 +0000 (18:57 -0400)]
curses: Report timeout.

* pinentry/pinentry-curses.c (dialog_run): Report if canceled due to

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago gtk2: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:48 +0000 (18:57 -0400)]
gtk2: Report timeout.

* gtk+-2/pinentry-gtk-2.c (create_window): Send pointer to pinentry
into timeout_cb.
(timeout_cb): Report if canceled due to timeout.

Signed-off-by: Daniel Kahn Gillmor <>
Fixed a shadowed variable in timeout_cb.

Signed-off-by: Werner Koch <>
2 years ago tty: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:47 +0000 (18:57 -0400)]
tty: Report timeout.

* tty/pinentry-tty.c (confirm): Report if canceled due to timeout.
(password): Report if canceled due to timeout.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago gnome3: Propagate GError messages to pinentry.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:46 +0000 (18:57 -0400)]
gnome3: Propagate GError messages to pinentry.

* gnome3/pinentry-gnome3.c (_propagate_g_error_to_pinentry): New. Send
GError messages back out to pinentry error reporting.
(create_prompt): Use _propagate_g_error_to_pinentry on error.
(gnome3_cmd_handler): Use _propagate_g_error_to_pinentry on error.

Signed-off-by: Daniel Kahn Gillmor <>
Modified to take care of malloc failure.  Also fixed alignment of some
old comments.

Signed-off-by: Werner Koch <>
2 years ago gnome3: Set parent window.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:45 +0000 (18:57 -0400)]
gnome3: Set parent window.

* gnome3/pinentry-gnome3.c (create_prompt): Tell Gcr about the caller
window, if we know it.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago core: Add command getinfo/flavor.
Werner Koch [Sat, 5 Nov 2016 09:55:46 +0000 (10:55 +0100)]
core: Add command getinfo/flavor.

* pinentry/pinentry.c: Include pinentry-curses.h.
(cmd_getinfo): Add sub-command "flavor"

Signed-off-by: Werner Koch <>
2 years ago Convert to UTF-8.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:59:18 +0000 (12:59 -0400)]
Convert to UTF-8.

Signed-off-by: Daniel Kahn Gillmor <>
2 years ago Fix spelling errors.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:59:17 +0000 (12:59 -0400)]
Fix spelling errors.

Signed-off-by: Daniel Kahn Gillmor <>
Note that this also updates
     \texinfoversion to 2016-11-03.12

Signed-off-by: Werner Koch <>
2 years ago core: Don't report error on setting option 'allow-emacs-pinentry'.
Daiki Ueno [Mon, 10 Oct 2016 08:33:36 +0000 (10:33 +0200)]
core: Don't report error on setting option 'allow-emacs-pinentry'.

Previously "OPTION allow-emacs-pinentry" returned an error if the Emacs
pinentry is not compiled in.  Since it is merely an option, it would
make more sense to just return OK.

Suggested-by: Werner Koch <>
Signed-off-by: Daiki Ueno <>
2 years ago gnome3: Drop unnecessary use of gtk
Werner Koch [Tue, 4 Oct 2016 08:35:52 +0000 (10:35 +0200)]
gnome3: Drop unnecessary use of gtk

* pinentry-gnome3 only needs gcr-base, not gcr.
* gnome3/pinentry-gnome3.c (main): Instead of testing whether GTK can
be loaded, check for DBUS_SESSION_BUS_ADDRESS.
(create_prompt): Use fprintf (stderr, ...) instead of g_warning (...),
to align with the rest of pinentry.c.

pinentry-gnome3 really just uses gcr and libsecret -- there is no
direct use of gtk at all.  By linking only to the minimal gcr-base-3
and avoiding gcr-3 itself, we remove many unnecessary library
dependencies from pinentry-gnome3.

Specifically, "ldd $(which pinentry-gnome3) | wc -l" goes from 69 to
23 on debian testing.

Signed-off-by: Daniel Kahn Gillmor <>
Added missing LF.

Signed-off-by: Werner Koch <>
2 years ago core: Add a way to print ERROR status lines.
Werner Koch [Tue, 4 Oct 2016 07:36:39 +0000 (09:36 +0200)]
core: Add a way to print ERROR status lines.

* pinentry/pinentry.h (struct pinentry): New fields SPECIFIC_ERR_LOC
* pinentry/pinentry.c (pinentry_reset): Free the new field.
(write_status_error): New.
(cmd_getpin): Use new fields.
(cmd_confirm): Ditto.
* gnome3/pinentry-gnome3.c (create_prompt): Set error for failed

Signed-off-by: Werner Koch <>
2 years ago tty: Provide default text for "notok".
Ineiev [Fri, 8 Apr 2016 12:33:05 +0000 (15:33 +0300)]
tty: Provide default text for "notok".

* tty/pinentry-tty.c (confirm): Provide default text for "notok".


gniibe changed the commit message.

2 years ago tty: Fix underscore processing in accelerators.
Ineiev [Fri, 8 Apr 2016 12:26:33 +0000 (15:26 +0300)]
tty: Fix underscore processing in accelerators.

* tty/pinentry-tty.c (button): Fix underscore processing in

2 years ago tty: Refactor usage of tolower.
Ineiev [Fri, 8 Apr 2016 12:17:59 +0000 (15:17 +0300)]
tty: Refactor usage of tolower.

* tty/pinentry-tty.c (button): Apply tolower to the result.
* tty/pinentry-tty.c (confirm): Compare lowercased character instead of
converting them every time.


gniibe changed the original patch to keep output to TTY.

2 years ago curses: Return better error codes for bad ttynames
Werner Koch [Thu, 1 Sep 2016 08:03:22 +0000 (10:03 +0200)]
curses: Return better error codes for bad ttynames

* pinentry/pinentry-curses.c (dialog_create): Return better error

With this change the error message is now

  $ MYTTY=$(tty)
  $ echo getpin | env -i pinentry-curses -d  --ttyname "$MYTTY"
  OK Pleased to meet you
  pinentry-curses: no LC_CTYPE known - assuming UTF-8
  ERR 83886383 Required environment variable not set <Pinentry>

Note that with the current released libgcrypt an unknown error code
will be printed.

GnuPG-bug-id: 2452
Signed-off-by: Werner Koch <>
2 years ago Qt: Add SetWindowPos based foreground hack for Win
Andre Heinecke [Thu, 18 Aug 2016 12:55:27 +0000 (14:55 +0200)]
Qt: Add SetWindowPos based foreground hack for Win

* qt/pinentrydialog.cpp(raiseWindow): Add another fallback for
our foreground window hacks.

Even if SetForegroundWindow or SetForegroundWindowEx do not report
failures we are not always brought to front. So additionally
afterwards we also set our Window Position to be absolutely
in foreground and afterwards remove that (so that a user
may still put us in the background).

This fixes the weird behavior that repeated pinentries for
symmetric encryption open in background.

2 years ago Qt: Disable automatic wrap for desc and errors
Andre Heinecke [Fri, 12 Aug 2016 11:07:54 +0000 (13:07 +0200)]
Qt: Disable automatic wrap for desc and errors

* qt/pinentrydialog.cpp (PinEntryDialog): Disable WordWrap.

The agent already sends line breaks which should be respected.
This fixes the problem that pinentry-qt would break ssh fingerprints
because it treated the colon as a breakable character.

GnuPG's translators and GnuPG itself should take care how descriptions
and errors should be formatted.

2 years ago Update NEWS
Andre Heinecke [Wed, 1 Jun 2016 13:15:41 +0000 (15:15 +0200)]
Update NEWS


2 years ago Qt: Append -std=c++11 if building against Qt 5.7
Kristian Fiskerstrand [Thu, 11 Aug 2016 12:44:37 +0000 (14:44 +0200)]
Qt: Append -std=c++11 if building against Qt 5.7

 * m4/qt.m4: Append -std=c++11 to CFLAGS if building against Qt 5.7

Qt 5.7 enables C++11 for Qt modules, and any app relying on it is required to be
compiled with at least this standard.

This patch adds detection for Qt 5.7 and makes sure -std=c++11 is passed if
building against Qt 5.7 or higher.

2 years ago Fix ncurses build.
Ben Kibbey [Tue, 2 Aug 2016 01:25:32 +0000 (21:25 -0400)]
Fix ncurses build.

* pinentry/ Add NCURSES_CFLAGS.

Signed-off-by: Ben Kibbey <>
2 years ago gtk2: Also grab the pointer.
Justus Winter [Tue, 2 Aug 2016 10:34:07 +0000 (12:34 +0200)]
gtk2: Also grab the pointer.

* gtk+-2/pinentry-gtk-2.c (grab_pointer): New function.
(ungrab_keyboard): Rename to 'ungrab_inputs' and also release the
pointer grab.
(create_window): Also grab the pointer.

GnuPG-bug-id: 2430
Signed-off-by: Justus Winter <>
2 years ago gtk2: Be more persistent trying to grab the keyboard.
Justus Winter [Mon, 1 Aug 2016 15:49:50 +0000 (17:49 +0200)]
gtk2: Be more persistent trying to grab the keyboard.

We seem to get the 'visibility-notify' event before X is willing to
let us grab the keyboard, insisting that the target window is not
viewable (sic).

* gtk+-2/pinentry-gtk-2.c (grab_keyboard): Retry grabbing the

GnuPG-bug-id: 2375
Signed-off-by: Justus Winter <>
2 years ago gtk2: Print keyboard grabbing errors.
Justus Winter [Mon, 1 Aug 2016 15:18:32 +0000 (17:18 +0200)]
gtk2: Print keyboard grabbing errors.

* gtk+-2/pinentry-gtk-2.c (grab_strerror): New function.
(grab_keyboard): Use the new function to print the error.

Signed-off-by: Justus Winter <>
2 years ago gtk2: Avoid possible format string troubles.
Justus Winter [Mon, 1 Aug 2016 13:01:21 +0000 (15:01 +0200)]
gtk2: Avoid possible format string troubles.

* gtk+-2/pinentry-gtk-2.c (confirm_unhiding): Do not use message as
format string.

Signed-off-by: Justus Winter <>
2 years ago Qt: Only use one line action for visibility
Andre Heinecke [Mon, 25 Apr 2016 10:08:03 +0000 (12:08 +0200)]
Qt: Only use one line action for visibility

* qt/pinentrydialog.cpp (PinEntryDialog::toggleVisibility): Toggle
both lines in repeat mode.
(PinEntryDialog::PinEntryDialog): Remove repeat line action.

It does not appear sensible to show / hide only one edit in
repeat mode; this should make the usage of the visibility action
a bit more intuitive.

2 years ago Qt: Move qualitybar below repeat
Andre Heinecke [Mon, 25 Apr 2016 10:05:35 +0000 (12:05 +0200)]
Qt: Move qualitybar below repeat

* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Move
quality bar below repeat.

Having the repeat directly below the entry field looks better and
adds more connection between the entries.

2 years ago Qt: Do not take icon from theme
Andre Heinecke [Mon, 25 Apr 2016 09:11:51 +0000 (11:11 +0200)]
Qt: Do not take icon from theme

* qt/main.cpp (main): Revert changes to take icon from theme.

Feedback was that pinentry should be recognisable and use its
own Icon.

3 years ago Qt: Change qualitybar position back to below
Andre Heinecke [Fri, 15 Apr 2016 08:32:06 +0000 (10:32 +0200)]
Qt: Change qualitybar position back to below

* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Change
position back to below the entry. Fix label alignment.

While I find it more pleasing to have it at the top
the string for the tooltip mentions that the quality bar is
related to "above" entry.

3 years ago gtk2: Add a button to show/hide the passphrase.
Andre Heinecke [Fri, 15 Apr 2016 07:51:24 +0000 (09:51 +0200)]
gtk2: Add a button to show/hide the passphrase.

* gtk+-2/pinentry-gtk-2.c (HIG_TINY): New.
 (confirm_unhiding): New.
 (show_hide_button_toggled): New.
 (create_show_hide_button): New.
 (create_window): Add a show/hide button.

This is an alternative implementation to the checkbox
reverted with rev. 71b51e0.
The patch is based on a patch by Werner Koch <>
modifications done by aheinecke are:
- Use of strings provided by the gpg-agent
- Switching the visibility state of the edit.
- Using a monospace font for the label to avoid size
  changes when toggling the button.
- Use of a default button label for cancel in the confirm dialog
  as the agent only sends a string that is useful for show.

3 years ago Revert "GTK: Add visibility toggle button"
Andre Heinecke [Thu, 14 Apr 2016 14:34:36 +0000 (16:34 +0200)]
Revert "GTK: Add visibility toggle button"

This reverts commit 71b51e02cf20174ba7144765e985f7e889eaa429.

3 years ago GTK: Add visibility toggle button
Andre Heinecke [Thu, 14 Apr 2016 13:56:09 +0000 (15:56 +0200)]
GTK: Add visibility toggle button

* gtk+-2/pinentry-gtk-2.c (create_window): Create checkbox.
 (show_passphrase_toggled): New. Do the toggling.

GnuPG-Bug-ID: 2139

3 years ago Qt: Restrict list of icon themes to try
Andre Heinecke [Thu, 14 Apr 2016 13:21:13 +0000 (15:21 +0200)]
Qt: Restrict list of icon themes to try

* qt/main.cpp (main): Only search in select icon themes.

Gnome Icon theme does not use a lock for document-encrypt icon
and this looks strange. Mainly the goal is not to show the Oxygen
Icon built into pinentry on a breeze Desktop.

3 years ago Qt: Add actions to make passphrase visible
Andre Heinecke [Thu, 14 Apr 2016 13:01:47 +0000 (15:01 +0200)]
Qt: Add actions to make passphrase visible

* qt/main.cpp (qt_cmd_handler): Support visibility tooltips.
* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog):
 Add a checkbox or line actions.
 (PinEntryDialog::checkRepeat): Renamed to textChanged.
 (PinEntryDialog::toggleVisibility): New. Toggle echo mode.
* qt/pinentrydialog.h: Update accordingly.

The Action comes in two flavors to avoid having to include new
icons in pinentry (and thus have a text-only fallback) and also
because Qt4 does not support direct line edit actions and I don't
want to raise the requirement to Qt 5.2 yet.

GnuPG-Bug-ID: 2139

3 years ago Add support for visibility string options
Andre Heinecke [Thu, 14 Apr 2016 12:58:46 +0000 (14:58 +0200)]
Add support for visibility string options

* doc/pinentry.texi: Note new values.
* pinentry/pinentry.c (pinentry): Add default_cf_visi,
 default_tt_visi and default_tt_hide.
 (option_handler): Parse new values.
* pinentry/pinentry.h (pinentry_t): Add new values.

3 years ago Qt: Implement repeat and improve grabbing
Andre Heinecke [Thu, 14 Apr 2016 10:00:51 +0000 (12:00 +0200)]
Qt: Implement repeat and improve grabbing

The keyboard is now only grabbed if an edit has input focus.

* qt/main.cpp (qt_cmd_handler): Parse repeat values. Set repeat_okay.
* qt/pinentrydialog.cpp (PinentryDialog::PinentryDialog): Update
 layout. Add repeat label and edit. Connect focusChanged.
 (PinEntryDialog::hideEvent): Remove grabbing hack.
 (PinEntryDialog::focusChanged): New. Properly handle grabbing.
 (PinEntryDialog::checkRepeat): New. Enable Ok if repeat matches.
 (PinEntryDialog::repeatedPin): New. Getter for repeated pin.
 (PinEntryDialog::setRepeatErrorText): Setter for error.
* qt/pinentrydialog.h: Update accordingly.

Adding repeat mode made it necessary to fix the grabbing
which globally grabbed the keyboard for the line edit
as long as the window was shown.

Now we only grab when a line edit has focus. This has the
advantage that you can still work with other windows while
pinentry is open but not focused.

The new grabbing should improve security a bit as it reduces
the need for a global no-grab setting. I've verified with xev
that keyboard grabbing still works when one of the lineedits
in pinentry has focus.

3 years ago Qt: Respect icon themes and only fallback to own
Andre Heinecke [Thu, 14 Apr 2016 07:53:37 +0000 (09:53 +0200)]
Qt: Respect icon themes and only fallback to own

* m4/qt.m4: Raise version requirement.
* qt/main.cpp (main): Use QIcon::fromTheme to get the icon.

3 years ago Qt: Unify coding style and encoding
Andre Heinecke [Thu, 14 Apr 2016 07:32:21 +0000 (09:32 +0200)]
Qt: Unify coding style and encoding

* qt/main.cpp, qt/pinentryconfirm.cpp, qt/pinentryconfirm.h,
  qt/pinentrydialog.cpp, qt/pinentrydialog.h: Use KDE coding style.
  Encode as UTF-8.

Code reformatted using kde-dev-scripts/astyle-kdelibs.
Use git blame -w to show authorship as it was before this commit.

3 years ago Qt: Fix Windows foreground window hacks for Qt5
Andre Heinecke [Fri, 4 Mar 2016 14:44:26 +0000 (15:44 +0100)]
Qt: Fix Windows foreground window hacks for Qt5

* qt/pinentrydialog.cpp: Use Q_OS_WIN instead of Q_WS_WIN
 (SetForegroundWindowEx): Handle new Wid type with casts.

Q_WS_WIN is no longer defined by Qt5

3 years ago pinentry: Use stderr to print failures in password-cache.c
Stef Walter [Sun, 14 Feb 2016 17:06:52 +0000 (18:06 +0100)]
pinentry: Use stderr to print failures in password-cache.c

Otherwise this interferes with the assuan protocol expected
on stdout.

GnuPG-bug-id: 2243

3 years ago Qt: Fix use after free in quality calculation
Andre Heinecke [Tue, 5 Jan 2016 11:44:32 +0000 (12:44 +0100)]
Qt: Fix use after free in quality calculation

* qt/pinentrydialog.cpp (PinEntryDialog::updateQuality): Keep UTF8
 byte array alive after conversion.

Same problem pattern as in Bug 2133 / commit f143d216

3 years ago Post release updates
Werner Koch [Mon, 7 Dec 2015 09:38:55 +0000 (10:38 +0100)]
Post release updates


3 years ago Release 0.9.7 pinentry-0.9.7
Werner Koch [Mon, 7 Dec 2015 09:33:14 +0000 (10:33 +0100)]
Release 0.9.7

3 years ago doc: Add a note about translated strings in Pinentry.
Werner Koch [Tue, 1 Dec 2015 12:01:29 +0000 (13:01 +0100)]
doc: Add a note about translated strings in Pinentry.

Suggested-by: Daniel Kahn Gillmor
3 years ago Remove unused code.
Werner Koch [Tue, 1 Dec 2015 11:54:38 +0000 (12:54 +0100)]
Remove unused code.

* secmem/util.c (lower_privs, raise_privs): Remove commented

3 years ago tty: Fix formatting.
Neal H. Walfield [Fri, 27 Nov 2015 09:26:46 +0000 (10:26 +0100)]
tty: Fix formatting.

* tty/pinentry-tty.c (password): Remove trailing space.

3 years ago tty: Flush output. Show an error if an invalid option is selected.
Neal H. Walfield [Wed, 18 Nov 2015 12:40:47 +0000 (13:40 +0100)]
tty: Flush output.  Show an error if an invalid option is selected.

* tty/pinentry-tty.c (confirm): Flush the output after printing the
prompt.  Echo what the user typed.  If the user's selection is
invalid, indicate as much.

Signed-off-by: Neal H. Walfield <>
3 years ago Qt: Do not use temporary reference to utf8 pin
Dirk Mueller [Wed, 21 Oct 2015 12:41:53 +0000 (14:41 +0200)]
Qt: Do not use temporary reference to utf8 pin

* qt/main.cpp (qt_cmd_handler): Keep utf8 pin byte array.

The pin pointer was invalid after the UTF8 conversion
as the converted byte array only was temporary in that
call and the data pointer becomes invalid after it's

Commit message amended by Andre Heinecke. The original
commit message was:

const char* does not keep the temporary string returned
from toUtf8() active, since it doesn't keep the reference counter
set. So you usually just copy out garbage instead of the
pin that was entered. Just keep the QByteArray which keeps
the reference active.

GnuPG-bug-id: 2133

3 years ago Qt: Fix assignment of have_qt5_libs variable.
Andre Heinecke [Fri, 2 Oct 2015 08:21:55 +0000 (10:21 +0200)]
Qt: Fix assignment of have_qt5_libs variable.

* m4/qt.m4 (FIND_QT): Remove spaces in variable assignment.

GnuPG-bug-id: 2105

3 years ago Qt: Fix quoting of have_qt5_libs init in FIND_QT
Andre Heinecke [Fri, 2 Oct 2015 07:47:21 +0000 (09:47 +0200)]
Qt: Fix quoting of have_qt5_libs init in FIND_QT

* m4/qt.m4 (FIND_QT): Quote initialization of have_qt5_libs var.


Problem reported by Kristian F.

GnuPG-bug-id: 2105

3 years ago Add option to disable looking for qt5
Andre Heinecke [Fri, 25 Sep 2015 13:56:55 +0000 (15:56 +0200)]
Add option to disable looking for qt5

* m4/qt.m4 (FIND_QT): Add --disable-pinentry-qt5 option to
disable qt5 support even if it is available.

As requested by Kristan F.

GnuPG-bug-id: 2105

3 years ago Add option "invisible-char".
Werner Koch [Wed, 16 Sep 2015 18:56:47 +0000 (20:56 +0200)]
Add option "invisible-char".

* pinentry/pinentry.h (struct pinentry): Add field invisible_char.
* pinentry/pinentry.c (pinentry_reset): Restore that.
(option_handler): Add option "invisible-char".
* gtk+-2/pinentry-gtk-2.c (create_window): Set the invisible char if

The default GTK+ invisible character is pretty wide so that only ~16
characters show up in the smallest pinentry.  This is a bit annoying if
the passphrase is longer due to the missing visual feedback.  By
using #x2022 ("•") this allows for ~23 characters and a plain "*" even
3 more characters.  Tastes are different so we allow to change that
character at runtime.

Signed-off-by: Werner Koch <>
3 years ago Post release updates
Werner Koch [Thu, 10 Sep 2015 18:38:29 +0000 (20:38 +0200)]
Post release updates


3 years ago Release 0.9.6 pinentry-0.9.6
Werner Koch [Thu, 10 Sep 2015 18:31:00 +0000 (20:31 +0200)]
Release 0.9.6

Signed-off-by: Werner Koch <>
3 years ago tty: When reading the password, print any supplied error message.
Neal H. Walfield [Mon, 24 Aug 2015 08:43:33 +0000 (10:43 +0200)]
tty: When reading the password, print any supplied error message.

* tty/pinentry-tty.c (password): Print any supplied error message.

3 years ago tty: Refactor the code for printing error messages.
Neal H. Walfield [Mon, 24 Aug 2015 08:42:40 +0000 (10:42 +0200)]
tty: Refactor the code for printing error messages.

* tty/pinentry-tty.c (dump_error_text): New function to display error
(confirm): Use it.
(password): Likewise.