
Support multiple GPG keys

Open MarkKoz opened this issue 2 years ago • 3 comments

This feature relies on getting a key ID from SETKEYINFO, so I assume it only works when --no-allow-external-cache is not set as a GPG agent option. This seems to be a reliable way to get a key ID except for this case. One aspect I am unsure of is what determines the format of the ID provided by the agent. The documentation states that it could be in 3 different forms. In practice, for me, it has used the n/key-grip format. To help the user figure out the exact value, a balloon notification with the key info string is shown if a matching entry cannot be found.

When the key info is available, the entry is looked up by comparing the username to the key info. Due to the nature of the key ID, it seems unlikely that there'll be a false positive match for some other unrelated entry. I figured allowing the title to be anything is nice for flexibility, but requiring "GPG" in the title too could be implemented if desired.

If for some reason the key info is cleared, the plugin instead looks up an entry by title using "GPG" as the search string. Then, it looks for the entry whose username is "default" (case-insensitive). An existing entry could be set as default by the user by using a password field reference for the default entry.

Some error handling has been added so that the GPG agent doesn't hang waiting for a response if the plugin is unable to find a suitable entry or crashes before the pin can be sent to the agent.

MarkKoz, Jan 27 '22 17:01
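Added example, not code from this pull request or from the plugin: a Python model of the lookup the post above describes (match the username against the SETKEYINFO string, fall back to a "GPG" title with username "default", and always answer the agent). The `Entry` type, the sample entries and keygrip, exact-string matching, refusing duplicate matches, and the cancel error code are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Entry:  # hypothetical stand-in for a KeePass entry
    title: str
    username: str
    password: str

KEYGRIP = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed, not a real keygrip
SAMPLE_ENTRIES = [  # constructed sample database
    Entry("Work signing key", "n/" + KEYGRIP, "sign-pin"),
    Entry("GPG fallback", "Default", "fallback%pin"),
    Entry("Mail account", "alice", "unrelated"),
]

def parse_setkeyinfo(line: str) -> Optional[str]:
    """Return the key info from an Assuan SETKEYINFO line, or None when cleared."""
    cmd, _, arg = line.strip().partition(" ")
    if cmd != "SETKEYINFO":
        raise ValueError("not a SETKEYINFO line: %r" % line)
    arg = arg.strip()
    return None if arg in ("", "--clear") else arg

def find_entry(entries: List[Entry], key_info: Optional[str]) -> Optional[Entry]:
    if key_info is not None:
        # Assumption: exact match on the whole string, prefix included.
        hits = [e for e in entries if e.username == key_info]
        # Choice made for this example: refuse to guess between duplicates.
        return hits[0] if len(hits) == 1 else None
    # Key info cleared: title contains "GPG", username is "default" (any case).
    for e in entries:
        if "GPG" in e.title and e.username.lower() == "default":
            return e
    return None

def reply(entry: Optional[Entry]) -> List[str]:
    """Assuan lines to send back, so the agent never waits on a missing entry."""
    if entry is None:
        # Assumption: the cancel code stock pinentry programs return.
        return ["ERR 83886179 Operation cancelled"]
    pin = entry.password
    for raw, esc in (("%", "%25"), ("\r", "%0D"), ("\n", "%0A")):
        pin = pin.replace(raw, esc)  # Assuan data lines percent-escape these
    return ["D " + pin, "OK"]

if __name__ == "__main__":
    info = parse_setkeyinfo("SETKEYINFO n/" + KEYGRIP)
    print(reply(find_entry(SAMPLE_ENTRIES, info)))
```
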

Hey I'm still reviewing this! Was trying to fix my local build environment (Microsoft has gone and changed their docker images).

Once I've got it building, I'll test it out. Thanks!

djherbis, Jan 28 '22 15:01

Yeah I had the same problem. IIRC I did manage to change it to the right base image, but then it complained that it's not supported by my platform. This is probably because I needed to switch to Windows container mode, but that requires a system restart so bleh. I just opened Visual Studio and built it that way.

Also, I realised that I forgot to update the README with new usage instructions. I suppose I will wait for your review in case something needs to be changed before I update the instructions.

MarkKoz, Feb 01 '22 03:02

I'll move to GitHub Actions eventually.

Maybe if I have some time, I could help out with that as well. :)

Which prints out the keygrip, we should include that in the documentation updates.

I was using gpg --with-keygrip --list-secret-keys, which shows more info about keys (such as the descriptions), making it easier to find the right keygrip. This is what the documentation I linked to also suggests.

My concern with keygrips is specifically regarding the prefix. I haven't found a way to ask GPG for this prefix or any more documentation on what it means (I didn't look too hard). I'm not sure how to help users find this besides making them try to use the key and looking at the name in the error notification from KeePass.

MarkKoz, Feb 14 '22 06:02