Gtk+-2 Pinentry

Contents

Introduction
Features
License
Installation
Feedback

Important Note

This patch is now officially part of the pinentry CVS. Please see this page for details. You need to check out the module pinentry using the CVS root :pserver:anoncvs@cvs.gnupg.org:/cvs/aegypten.

Introduction

Although the pinentry package comes with support for Gtk+-1.x libraries, this solution may not be optimal if you use it in an up-to-date Gtk+-2/Gnome 2 environment. I therefore hacked a version building on top of the current Gnome 2.6.1 release, which in turn uses Gtk+-2.4.1 and related libraries. A screenshot of the resulting pinentry-gtk-2 application using the AquaX and aqua-meta themes and the German (de_DE) locale is shown below.

[Screenshot: pinentry-gtk-2]

Features

The core part of pinentry-gtk-2 is a heavily stripped-down implementation of Gtk+-2.4.0's gtk-entry widget. Basically, all the potentially insecure nifty features like drag'n'drop, clipboard and auto-completion support have been removed. The core loop is mostly stolen from the Gtk+-1.x implementation, but I added some more UTF-8 validation. The padlock icon is hard-coded into the source to avoid any security problems.

Please note that pinentry-gtk-2 is experimental beta software. Although I have used it for quite a while without problems, I cannot guarantee that it will work for you as expected, in particular that it's absolutely secure, doesn't leak your valuable passphrases to disk, degrade your karma, or do any other harm. You have been warned!

License

This patch is provided under the terms of the GNU Lesser General Public License (LGPL) as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Please see http://www.gnu.org/copyleft/lesser.html for a full text of the LGPL.

Installation

To use Gtk+-2 Pinentry, you need
Now, as usual, unpack the pinentry source and cd to the source folder (you need gzip, bzip2, tar and patch):

gzip -dc <pinentry source package> | tar -xf -
cd pinentry-0.7.1
bzip2 -dc <patch file> | patch -p 1

It is now necessary to rebuild the automake and autoconf related files (you must have automake and autoconf installed):

automake
autoconf

Now configure the package according to your needs. As I use Gnome 2.6, but don't have KDE installed, I say

./configure --enable-pinentry-gtk2 --enable-pinentry-qt=no --prefix=/usr

Build the package using

make

At this point, you can launch a first test

gtk+-2/pinentry-gtk-2

and enter GETPIN... now the pinentry window should come up!
To install, become root, type

make install

and make the pinentry binary (or binaries) SUID root if you want to use secure memory. As a last step, you should add the line

pinentry-program /usr/local/bin/pinentry-gtk-2

to your gpg-agent config file (usually $HOME/.gnupg/gpg-agent.conf) to make pinentry-gtk-2 the default pinentry application.
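A post-install check for the steps above, added here as an example and not part of the original page or patch: it reads the pinentry-program line from a gpg-agent config file and verifies that the named binary exists, is executable, is not writable by group or others, and whether it is SUID root. The function names and status strings are hypothetical, and it assumes that a repeated pinentry-program option takes its last value.

```shell
#!/bin/sh
# Added example (not part of the pinentry patch): post-install check of the
# pinentry-program setting. Function names and status strings are hypothetical.

# Print the helper path from the last pinentry-program line of a config file.
# Assumption: when the option is repeated, the last occurrence is the one used.
pinentry_from_conf() {
    [ -r "$1" ] || return 1
    sed -n -e 's/[[:space:]]*$//' \
           -e 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" | tail -n 1
}

# True if the file is setuid and owned by uid 0 (the page's condition for
# using secure memory).
suid_root() {
    [ -u "$1" ] && [ "$(ls -lnL "$1" | awk '{print $3}')" = 0 ]
}

# Print one status word and return 0 only if the configured helper is usable.
check_pinentry() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    bin=$(pinentry_from_conf "$conf") || { echo "no-conf:$conf"; return 1; }
    [ -n "$bin" ] || { echo "not-configured"; return 1; }
    # Typical failure: the config names /usr/local/bin, but the package was
    # configured with --prefix=/usr, so make install put the binary in /usr/bin.
    { [ -f "$bin" ] && [ -x "$bin" ]; } || { echo "missing:$bin"; return 1; }
    # The helper reads the passphrase, so nobody but its owner may replace it.
    if [ -n "$(find -L "$bin" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable:$bin"; return 1
    fi
    if suid_root "$bin"; then echo "ok-suid:$bin"; else echo "ok-no-suid:$bin"; fi
}

# Usage: sh check-pinentry.sh path/to/gpg-agent.conf
if [ "$#" -gt 0 ]; then check_pinentry "$1"; fi
```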

Feedback

I am of course interested in any feedback and experiences -good or bad- about this patch. Please send an (encrypted ;-) message to albrecht DOT dress AT arcor DOT de.

Author: Albrecht Dreß (albrecht DOT dress AT arcor DOT de, GnuPG public key fingerprint D027FFD1)
Contact info: Johanna-Kirchner-Straße 13, 53123 Bonn, Germany
Last change: October 4th, 2004