Project

General

Profile

Bug #15156

The pinentry dialog steals focus

Added by funkpants about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01/09/2018
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Blueprint:
Starter:
Affected tool:

Description

Running Tails 3.3, If I use the openpgp applet to "Decrypt/Verify Clipboard", the password prompt steals focus for mouse and keyboard. This is problematic e.g. when using a password manager for the requisite password.

I just noticed that choosing "Encrypt Clipboard with Passphrase" steals focus as well for the pin entry.

I tried using keyboard shortcut Super+Tab to switch applications, but it seems all keyboard and mouse input is focused on that password prompt while it is up. Hopefully this is an easy fix.


Related issues

Blocks Tails - Feature #13245: Core work 2018Q1: Foundations Team Resolved 06/29/2017

Associated revisions

Revision f82251a8 (diff)
Added by intrigeri about 2 years ago

Document pinentry focus stealing issue and the corresponding GnuPG persistence upgrade manual step (Closes: #15156)

This should have been documented in the release notes when we released Tails
2.3, but we forgot.

History

#1 Updated by mercedes508 about 2 years ago

  • Assignee set to funkpants
  • Type of work changed from Code to Research

Are you using KeePassX?

If yes, is it open before triggering the password pop-up?

#2 Updated by funkpants about 2 years ago

I initially discovered this while using KeepassX, yes, but it has the same behavior even without any applications open.

Some additional details:

While the prompt is displayed, the mouse cursor changes into a big black dot, kind of like you would see as a character in the password prompt, only about 2.5x the diameter. This change occurs only when the password prompt or pin entry prompt are open, and then changes back to a normal cursor as soon as I press Enter, or click the "Cancel" or "OK" buttons. I can also click the "abc" button which shows the password/pin. On the other hand, I cannot drag/move the window using the cursor.

#3 Updated by intrigeri about 2 years ago

  • Assignee changed from funkpants to mercedes508

#4 Updated by mercedes508 about 2 years ago

  • Status changed from New to Confirmed
  • Assignee changed from mercedes508 to nodens

Ok, so I reproduced it on Tails 3.4. And effectively you either need to already had you password copied from its place (keepassx or somewhere else) to be able to paste it in the prompt box.

KeePassX doesn't display anymore an icon in the top-right corner to do some auto-type stuff, which was convenient for circumventing this issue, and this is due to #11205.

So I re-openend #11205 adding pointer to this ticket.

#5 Updated by intrigeri about 2 years ago

  • Subject changed from openpgp-applet decrypt/verify steals focus to The pinentry dialog steals focus
  • Assignee changed from nodens to intrigeri

mercedes508 wrote:

Ok, so I reproduced it on Tails 3.4. And effectively you either need to already had you password copied from its place (keepassx or somewhere else) to be able to paste it in the prompt box.

I'll look into it. IIRC we have switched to pinentry-gtk2 precisely in order to have an OpenPGP passphrase prompt that does not steal focus. FTR I expect this is not specific to OpenPGP applet but should affect all OpenPGP passphrase prompts.

KeePassX doesn't display anymore an icon in the top-right corner to do some auto-type stuff, which was convenient for circumventing this issue, and this is due to #11205.

I don't understand how displaying an icon there would help working around this issue: according to the OP both the keyboard and mouse focus are stolen by pinentry, which should block the user from using that icon just like it prevents them from starting KeePassX. Or did I misunderstand what you mean? (In particular I'm not sure I understood the "auto-type stuff".)

#6 Updated by intrigeri about 2 years ago

  • Assignee changed from intrigeri to mercedes508
  • QA Check set to Info Needed

I cannot reproduce this on Tails 3.4. But I have a hypothesis that might explain why you and the OP see this behaviour:

  1. You're using a ~/.gnupg that was made persistent before Tails 2.3, and thus gpg-agent.conf lacks the no-grab option.
  2. In Tails 2.3 we added the no-grab option to /etc/skel/.gnupg/gpg-agent.conf but the release notes did not document that users should update their persistent config accordingly.

So please verify if you have a ~/.gnupg/gpg-agent.conf file and if you have one, check whether it says grab or no-grab, or none of those. Drop any grab line and ensure there's a no-grab line. Reboot and try to reproduce.

#7 Updated by mercedes508 about 2 years ago

  • Assignee changed from mercedes508 to funkpants

Hi,

So please verify if you have a ~/.gnupg/gpg-agent.conf file and if you have one, check whether it says grab or no-grab, or none of those. Drop any grab line and ensure there's a no-grab line. Reboot and try to reproduce.

I did this and it fixed everything. So asking funkpants to try to do it as well, and hopefully close this ticket.

#8 Updated by funkpants about 2 years ago

I did not have a ~/.gnupg/gpg-agent.conf file, maybe because my persistence volume is quite old. I created one and added the no-grab line to it, and upon reboot this fixed the issue for me. Thanks for the help everybody!

#9 Updated by intrigeri about 2 years ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

#10 Updated by intrigeri about 2 years ago

#11 Updated by intrigeri about 2 years ago

  • Assignee deleted (funkpants)
  • QA Check deleted (Info Needed)

Thank you both, documented the workaround on the Known Issues page :)

Also available in: Atom PDF