Further thoughts on detecting a mistaken passphrase entry when encrypting. I have looked at both man gpg-agent and info and I could not immediately see anything to help, but I quickly became lost in the overwhelming volume of the entries :-) So perhaps there is something there that I have missed.
The user case is not the "usual" use of gpg for communicating with 2nd parties. Rather I am using symmetric encryption on local files and usually using a common (long) passphrase on a common set of those files. The plain text file is deleted after encryption for security. So if I make a mistake in entering the passphrase I have lost access.

pinentry asks me to repeat the passphrase and that is obviously the main defence against getting things wrong. However, I am quite capable of misremembering a component of a passphrase that I have not used for a long time, or even using the wrong passphrase in an absent-minded moment. Having to repeat a long passphrase is quite laborious, and the suggestion below would solve that.

My simple suggestion is that there be an option, perhaps even a tick-box on the entry window, that displays a checksum/fingerprint/hash of the entered passphrase. That hash can then be checked perhaps manually, perhaps directly against the known hash of the passphrase. If it is checked manually, it needs to be quite short. If the hash matches, there is no need to re-enter the passphrase. It also guards against re-entering a misremembered phrase.

Something like this would be a huge improvement for my use case. Probably useful more generally. Of course, you would still need double entry when initially setting up a passphrase which does not yet have a hash.

ael

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
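
A sketch of the short passphrase check code the post proposes, as an added example that is not part of the original message and is not GnuPG or pinentry code. The names `check_code` and `confirm`, the PBKDF2 work factor, the per-user salt and the 16-bit code length are all assumptions made for illustration.

```python
import getpass
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000   # assumed PBKDF2 work factor; slows offline guessing
CODE_BYTES = 2         # 16-bit code = 4 hex characters, short enough to read


def check_code(passphrase: str, salt: bytes) -> str:
    """Return a short hex code derived from the passphrase and a salt."""
    # Normalise so the same typed text always yields the same bytes.
    data = unicodedata.normalize("NFC", passphrase).encode("utf-8")
    digest = hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)
    # Truncate: the stored code reveals at most 16 bits about the
    # passphrase, yet a wrong entry slips through only 1 time in 65536.
    return digest[:CODE_BYTES].hex()


def confirm(passphrase: str, salt: bytes, expected: str) -> bool:
    """True if the entered passphrase reproduces the recorded code."""
    return hmac.compare_digest(check_code(passphrase, salt), expected.lower())


if __name__ == "__main__":
    # Constructed demo: enrol once (double entry), then verify single entries.
    salt = os.urandom(16)  # keep next to the recorded code; not secret
    first = getpass.getpass("New passphrase: ")
    if first != getpass.getpass("Repeat passphrase: "):
        raise SystemExit("entries differ, nothing recorded")
    code = check_code(first, salt)
    print("check code:", code)
    later = getpass.getpass("Passphrase before encrypting: ")
    print("match" if confirm(later, salt, code) else "MISMATCH, do not encrypt")
```

Recording a full-length hash instead of a truncated one would give anyone who reads it an offline test for candidate passphrases, which is why the code is kept to a few characters.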