Let’s look around and see if we can find where the call to pinentry happens. So, gpg talks to gpg-agent, gpg-agent talks to scdaemon and to pinentry, but only scdaemon knows when it’s waiting for the YubiKey. pinentry: a small program that gpg-agent uses to prompt the user for information.scdaemon: the smartcard daemon that gpg-agent uses to interact with the YubiKey.gpg-agent: a background process that provides encryption services to gpg.gpg: the entrypoint to the suite for example git calls this to obtain the commit signature.When I invoke GPG to sign a git commit, the following components are involved: It is composed of many small parts that work together to produce the overall result. So, now I can use pinentry to display a custom prompt, but can I make GPG invoke it at the right time? I decided to investigate by first finding how it produces the “Please unlock the card” prompt.Īt this point, let’s take a brief detour through the GPG suite architecture. Running pinentry and typing some commands makes it do my bidding! Reading the pinentry documentation, I discovered that it is controlled using a simple text-based protocol on its standard input. Two useful flavors are: pinentry-mac (provided by the MacGPG package) and pinentry-curses (built-in to GPG). Pinentry is a collection of utilities provided by the GPG suite (and, on the Mac, also provided by MacGPG) for prompting the user in a variety of ways. I wondered: could pinentry be used to produce a new type of prompt? And could GPG be made to invoke pinentry while waiting for me to touch my YubiKey? Exploring Pinentry This mechanism is provided by one of the components of the GPG suite: pinentry. It is used, for example, to enter an unlock PIN. GPG already provides a mechanism to prompt the user when it needs some interaction. The lack of user feedback for these very common parts of the engineering workflow is, as one might imagine, a significant productivity impediment. For maximum security we always configure them to require a physical touch before signing or authenticating. In particular, one specific shortcoming he mentioned was the fact that when a YubiKey is configured to require a tap to complete an operation through GPG, there is no visible on-screen feedback to the user.Īt Unit 410, YubiKeys are a very important part of our workflow: we use them for, among other things, signing git commits and authenticating SSH connections.
In a recent post, Drew discussed the important topic of usability and how it relates to security. Hurd is licensed under CC BY 2.0īy Joel Nordell, Engineering Introduction