Hurd is licensed under CC BY 2.0

By Joel Nordell, Engineering

Introduction

In a recent post, Drew discussed the important topic of usability and how it relates to security. In particular, one specific shortcoming he mentioned was the fact that when a YubiKey is configured to require a tap to complete an operation through GPG, there is no visible on-screen feedback to the user.

At Unit 410, YubiKeys are a very important part of our workflow: we use them for, among other things, signing git commits and authenticating SSH connections. For maximum security we always configure them to require a physical touch before signing or authenticating. The lack of user feedback for these very common parts of the engineering workflow is, as one might imagine, a significant productivity impediment.

GPG already provides a mechanism to prompt the user when it needs some interaction. It is used, for example, to enter an unlock PIN. This mechanism is provided by one of the components of the GPG suite: pinentry. I wondered: could pinentry be used to produce a new type of prompt? And could GPG be made to invoke pinentry while waiting for me to touch my YubiKey?

Exploring Pinentry

Pinentry is a collection of utilities provided by the GPG suite (and, on the Mac, also provided by MacGPG) for prompting the user in a variety of ways.