Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

password visiblity can't be fully hidden #496

Closed
Emonshr opened this issue Nov 3, 2019 · 7 comments
Closed

password visiblity can't be fully hidden #496

Emonshr opened this issue Nov 3, 2019 · 7 comments

Comments

@Emonshr
Copy link

Emonshr commented Nov 3, 2019

qtpass
When I go double click the needed account it just explores/shows the password by "Show Password" box checking, even if I check the "Hide Password", "Hide Content" boxes. Isn't it relevant to ask for the passphrase when we need to edit this password?

@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.85. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@issue-label-bot issue-label-bot bot added the bug label Nov 3, 2019
@annejan
Copy link
Member

annejan commented Nov 26, 2019

When a passphrase is asked is up to gpg / gpg-agent . .

Would you like to have a feature added that makes showing of the password totally unavailable and just leaves the edit?
I don't really see how this should work.

@Emonshr
Copy link
Author

Emonshr commented Nov 26, 2019

Okay, I think it is about security. If anyone can see your password fields without providing any master key/passphrase that is insecure. And then the better approach can be, tell the gpg-agent to send the password field and save the password to a temporary helper process with encryption. If someone can provide the passphrase, then (s)he can get the required password.

@annejan
Copy link
Member

annejan commented Nov 26, 2019

This is exactly what happens / how QtPass (and pass) work . .

How often a passphrase is required is up to gpg-agent settings.

@Plloi
Copy link

Plloi commented Nov 26, 2019

if your not being asked for a password when you open the edit dialog it's one of two thing:

  • gpg-agent is holding your keyring open
    -- you can change this behaviour
  • You gpg key isn't password locked
    -- you can add a passphrase to your key.

@Emonshr
Copy link
Author

Emonshr commented Nov 26, 2019

gpg-agent is holding your keyring open
-- you can change this behaviour

@Plloi Then I'll try to work with this solution. Thank you everyone.

@annejan
Copy link
Member

annejan commented Nov 26, 2019

https://wiki.archlinux.org/index.php/GnuPG#Configuration_2

^=- the Arch wiki has a lot of information on configuring GPG agent

@annejan annejan closed this as completed Dec 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants