[Feature Request] KeePassRPC support for pinentry/GnuPG


#1

I have a feeling this is beyond the scope of the project for various reasons, but it couldn’t hurt to ask. I use pinentry for GnuPG password entry (via Enigmail in Thunderbird primarily, but also for file operations in both Windows and Linux) multiple times a day, every day. I use autotype in KeePass right now, and manually select my key from the list every time (the window title does not change based on PGP key). It seems pinentry supports allowing an external password manager to store and provide the password (something to do with an external cache), which at least gnome-keyring offers on Linux systems with it installed. It would be nice to be able to get the password from KeePass the same way other dialogs subject to Kee/KeeFox do.

Having stated the request, I expect this would either require a new (likely daemon-style) plugin to be developed or that functionality to be added to KeePassRPC, which seems to extend beyond its intended form. Both seem a bit unreasonable to ask of this project. If I’m wrong and this is a reasonable request, I’d love to see it happen.


#2

It’s probably the case that making changes to KeePassRPC to support this would not be within the scope of the plugin but also such changes may not actually be necessary in order to utilise KeePassRPC in this way.

There are two approaches that could be considered:

  1. A new daemon/service running on the system which can translate the language that pinentry understands into KeePassRPC API calls. This service could then register as a client of KeePassRPC in a similar way that Kee is authorised to connect to the plugin by a user typing in a short confirmation password.
  2. A new KeePass plugin that directly understands the pinentry communication language.

Without knowing enough about pinentry I can’t advise which approach would be easiest, but if I were designing it, I’d be tempted to look at approach #2 first unless there is a big overlap in desired functionality with KeePassRPC (for example: Is the locally encrypted, SRP-authorised communication a vital feature or not? Does pinentry need to be able to save new entries to the KeePass database too? Presumably most or all of the URL handling/searching capacity of KeePassRPC would also go unused by pinentry).
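
Approach 1 above hinges on translating pinentry's line protocol into password-manager lookups. As an added example (not part of the original post, and not code from Kee, KeePassRPC or KeeAgent), this Python bridge answers the pinentry commands involved; the `lookup` callable is a hypothetical stand-in for a KeePassRPC query, and the key identifier and passphrase are constructed sample values.

```python
import sys

CANCELLED = "ERR 83886179 Operation cancelled <Pinentry>"  # pinentry's cancel reply

def assuan_escape(data):
    """Percent-escape the characters Assuan reserves inside a D (data) line."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

class PinentryBridge:
    """Answers pinentry commands. `lookup` is a hypothetical callable standing
    in for a KeePassRPC query: it maps a key identifier to a passphrase or None."""

    def __init__(self, lookup):
        self.lookup = lookup
        self.keyinfo = None

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        cmd, arg = cmd.upper(), arg.strip()
        if cmd == "SETKEYINFO":            # stable per-key id, e.g. "n/<keygrip>"
            self.keyinfo = None if arg in ("", "--clear") else arg
            return ["OK"]
        if cmd == "GETPIN":
            secret = self.lookup(self.keyinfo) if self.keyinfo else None
            if secret is None:             # unknown key: fail closed, never guess
                return [CANCELLED]
            return ["D " + assuan_escape(secret), "OK"]
        if cmd == "BYE":
            return ["OK closing connection"]
        if cmd.startswith("SET") or cmd == "OPTION":
            return ["OK"]                  # dialog text and options: accept, ignore
        return [CANCELLED]                 # CONFIRM etc. are never auto-approved

def serve(bridge, reader, writer):
    """Run one session over text streams (stdin/stdout when spawned as pinentry)."""
    writer.write("OK Pleased to meet you\n")
    writer.flush()
    for line in reader:
        writer.write("\n".join(bridge.handle(line)) + "\n")
        writer.flush()
        if line.strip().upper() == "BYE":
            break

if __name__ == "__main__":
    # Constructed sample store; a real bridge would query the password manager.
    sample = {"n/0123456789ABCDEF0123456789ABCDEF01234567": "100% constructed"}
    serve(PinentryBridge(sample.get), sys.stdin, sys.stdout)
```

The passphrase is returned on the caller's pipe, so any process able to start the bridge receives it; the client authorisation step described in approach 1 is what would have to gate `lookup`.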


#3

I’ve just come across https://github.com/dlech/KeeAgent/issues/173 - it sounds like that might be a better place to discuss pinentry/GPG integration with KeePass unless @dlech disagrees.


#4

Yes, that is a good place to discuss. It will probably end up being a standalone application that communicates with KeePassRPC though. I haven’t actually started on anything yet though.