thanks a lot Bernhard
Am 26.11.2018 um 11:55 schrieb Werner Koch: > Hi! > > Here is my reply to the Enigmail list which explains why this is indeed > not just a problem of gpg and that we can't have a perfect solution. > > For security reasons Windows has strict rules on which process can put > itself into the focus. Enigmail needs to tell Pinentry, via gpg, that > it may take the focus and request input. This is implemented by a > callback mechanism all the way from Pinentry, via gpg-agent and gpg up > to the calling process (Thunderbird here). > > In the case of Enigmail, it needs to call AllowSetForegroundWindow with > the process handle of the just created gpg process. In turn, gpg > detects the Pinentry launch and calls AllowSetForegroundWindow on the > Process handle of the started Pinentry. Only then then Pinentry may > display itself. Further, when calling AllowSetForegroundWindow the > process must have its Window already in the foregorund. > > Sometimes other Windows get in the way and even a correct implemented > AllowSetForegroundWindow chain will not work. As per Windows security > architecture, the Pinentry will announce itself in the taskbar. > > I would recommend to increase the passphrase caching time so > that the Pinentry dialog is not required too often. Usually there is > not much security gain by always entering the passphrase: Any attacking > malware will first install a keylogger and can thus grab the passphrase > in any case. > > > Salam-Shalom, > > Werner > -- spitzhalde9 D-79853 lenzkirch bernhard.kle...@gmx.net www.b-kleine.com, www.urseetal.net - thunderbird mit enigmail GPG schlüssel: D5257409 fingerprint: 08 B7 F8 70 22 7A FC C1 15 49 CA A6 C7 6F A0 2E D5 25 74 09
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
